Expanding audit log coverage to Jira/Confluence permissions and Bitbucket

Hello Atlassian Community,

Since we launched organization audit logs in Atlassian Cloud, we have been iterating on our logging capabilities and expanding coverage across an organization’s administrative and user activity.

Up until now, Atlassian’s cloud audit logs cover the following (non-exhaustive) sets of events:

• Organization administration

• Organizational security controls and authentication policies

• User and group management

• Jira user activity on issues

• Confluence user activity on pages

As we continue to launch and explore new auditing capabilities and activity types, we constantly keep in mind the conversations we have with many of you. It is incredibly important we understand where your audit log coverage and capabilities needs are to help you meet your security and compliance requirements.

With that said, we are excited to announce we have expanded audit activity coverage to over 100 new event types and span three cloud products! These new activity logs are available within Atlassian Access and the Cloud Enterprise edition.

Here is what’s new to the organization audit logs this year:

• Permissions change events for Jira Software Cloud

• Permissions change events for Confluence Cloud

• Administrative and security events for Bitbucket Cloud

Monitor Changes to Permissions in Jira and Confluence

Permissions controls are an essential tool in managing access to sensitive data and the highly granular and customizable permissions tools in Jira and Confluence offer a deep well of capabilities to do so. However, changes to permissions settings or improperly configured permissions are a common source of data leakage and exposure. This makes logging and audit coverage of these changes a vital security need and many of you agree.

As of today, you will find comprehensive audit coverage of changes to permissions in both Jira and Confluence cloud. When we say comprehensive, we mean it. Our new audit coverage for permissions includes every type of permission change, ranging from role updates to global permissions to a user controlling the privacy of an individual Confluence page.

You might have seen horror stories of admins misconfiguring a Jira board or Confluence space and giving permissions to the public internet. With the new permissions logs, you’ll be able to know what happened and trace back the problem.

These events will roll out first to Cloud Enterprise customers, followed by customers of Atlassian Access. User-initiated activity will remain restricted to the Cloud Enterprise edition.

Take a look at our documentation to learn more about permission events tracked in the audit log.

Permissions Change Logs for Jira Cloud

We’re adding the following event categories to achieve comprehensive coverage of permissions changes and actions that lead to permissions changes within Jira:

• Jira Global permissions (example: revoke Jira administration permissions from the Engineering group)

• Jira Project permissions (example: create a permission scheme)

• Jira Issue security permissions (example: assign issue security scheme to Jira project)

• Jira Project Roles (example: add project role)

Permissions Change Logs for Confluence Cloud

We’re adding the following event categories to achieve comprehensive coverage of permissions changes and actions that lead to permissions changes within Confluence:

• Confluence Global permissions (example: revoke space creation permissions from the default group)

• Confluence Space permissions (example: locking a space to only the Finance group

• Confluence page restrictions (example: adding a user to a restricted page)

Review Administrative and Security Events for Bitbucket Cloud

Admins will now be able to integrate their Bitbucket Workspaces with Atlassian organizations, which will enable centralized audit logging for Bitbucket Cloud.

The organization audit logs provide substantial activity coverage of Bitbucket workspace configuration and user security, enhancing an admin’s visibility into potential suspicious behavior within Bitbucket.

Learn more about the new Bitbucket audit logs available in Atlassian Access.

Where To View Audit logs

As always, all new audit events are available both in the Atlassian admin user interface (admin.atlassian.com), as well as through our REST API, so you can automate security monitoring and ingest events to pipe to external tools or cold storage.

What’s Next?

Last time, we promised continued ongoing investment in audit logs for Atlassian cloud products. We hope the substantial size of this year’s improvements demonstrates the strength of our commitment to your security and compliance needs. In 2022, we will have a seven-fold increase in new audit event types compared to last year.

In 2023, we will continue to invest in expanding coverage, but with the sheer volume of different events now available, we will also turn our attention to improving the means by which you can interact with the vast quantity of audit events we are producing.

Interacting with audit logs often takes the form of hunting for the tiniest needle of information within a vast haystack, and we’ve just massively expanded the possible size of that haystack. To solve that, we’re exploring streaming and real-time API access to audit logs, as well as completely rebuilt search and filtering experiences in the UI.

As always, we drive our work from customer need. If you have any feedback or questions, please let us know below. Be sure to take a look at other community members' comments/questions and up-vote those you find interesting.