Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1558

IP Allowlist audit log to include incident and IP address of blocked requests

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • Audit Log
    • None
    • 7

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      The organization audit logs related to IP allowlisting is not sufficient to know when connections are blocked by the allowlist. For security auditing purposes, admins should be able to see data on when blocks occur. 

      We would like logs specifically around documenting user/IP information when a user is denied access because their IP does not fall under any of the ranges set in the Atlassian allowlist.

      Suggested Solution

      Please add all the details for any blocks that happen when connections are denied by the IP allowlist in the organization audit log entry.

      Examples are:

      • User Name of blocked attempt
      • IP address of blocked attempt

      Why this is important

      This is important to track when a blocked attempt is made for security auditing purposes. We would like logs specifically around documenting user/IP information when a user is denied access because their IP does not fall under any of the ranges set in the Atlassian allowlist. Currently, admins have no visibility to these events.

      Workaround

      No workaround is available right now

            jyu@atlassian.com Jonathon Yu
            6b2430609069 Alexis
            Votes:
            8 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: