Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Atlassian Cloud products' audit logs

Sachindra Narayan
Sachindra Narayan August 24, 2021

For an organizational cloud instance, I have some questions on the audit logs of the product.

  • Who would have access to the audit logs? I mean which user role? Or is it that any user can see his/her logs, site admins can see the group logs and organization admins can see all the logs?
  • What information would the audit logs contain? Any user information or kind of Personal Identifiable Information?
  • I understand that the logs are available in .csv format, is there a way we can ensure that the logs can not be manipulated? Kind of read-only settings?
Answer
Watch
Like Be the first to like this
2334 views

2 answers

1 accepted

5 votes
Answer accepted
Walter Buggenhout
Walter Buggenhout
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 24, 2021

Hi @Sachindra Narayan,

I assume that you have read about application audit log functionality in this support article and possibly also about the organization audit log in this support article?

The Jira audit log (about the application) requires Jira Administrator permissions to be accessed. The Organization audit log is available when you have Atlassian Access enabled on your site and is only accessible for Organization Admins. While the first log records changes to application settings, the latter tracks changes to your organization performed by administrators. Do check the articles I linked above for more information on what activities are being logged.

Yes, those logs do contain information that allows to identify users. For tracked events in the Jira application log e.g. it shows which events were executed and who was the user who performed the action (limited to the user name of the author, without further details). 

Inside the application, the audit logs cannot be manipulated. So you have control and assurance that the data there are reflecting the truth. However, exported data are no longer in the system. What happens with data that are no longer in the system is not under the control of that system. So, at that point with the role of the Jira or Organization Administrator comes the great responsibility to safeguard that data correctly.

View More Comments
Sachindra Narayan
Sachindra Narayan August 24, 2021

Thanks @Walter Buggenhout . This sums up perfectly fine. Just a couple of things.

  • There is a mention of an open issue that says "For example, events like users being created or assigned to groups won't include the username of the user who made the change." in the first link. Does this mean that if I create a user or a group as a site admin, I wont have a mention in the audit logs?
  • Also, only the organization admins would have access to the audit logs and not the site admins.
Like
Walter Buggenhout
Walter Buggenhout
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 24, 2021

About that known issue: the event will be listed in the event log, but "JIRA" will be mentioned as the author instead of the real author.

And if the documentation is correct, yes: it is only organization admins that have access to the audit logs in admin.atlassian.com.

Like Sachindra Narayan likes this
Sachindra Narayan
Sachindra Narayan August 25, 2021

@Walter Buggenhout  is there any way to dump the audit logs from JIRA and Confluence to a third party SIEM tool, QRadar?

Like
Walter Buggenhout
Walter Buggenhout
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 26, 2021

Hi @Sachindra Narayan,

That depends on the possibilities QRadar offers to import or upload the data. I am not aware of the capabilities on that end. On the Atlassian side you either have the csv export or the REST API to work with.

Like Anna Filipiak likes this
Reply
0 votes
Brant Schroeder
Brant Schroeder
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 24, 2021

@Sachindra Narayan Welcome to the community

Audit logs are available to the Confluence administrators.  You can not manipulate them and it does show what user did what.  Once you export to CSV someone could change the csv but the audit log would contain the same information.  You can learn more here: https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events