Atlassian Guard: ACCESS-1736

Ability to pull Org level audit logs using read-only access API key


      As of right now, the only way to pull the Org level audit logs located at admin.atlassian.com > Security > Audit log to another location is to use the organization REST API, which requires the Org level API key for authentication and authorization.

      The problem with it is that the Org level API key also grants full organization-level access where you can update organization settings and manage user accounts.

      So, it would be beneficial to our customer if we can separate the permission to pull the Org level audit logs from any other Org level permissions and add the ability to grant read-only access to the logs using the API key.


            John Price added a comment - - edited

            Update - I got sent here by a client who's trying to do this.  To clarify (tested this, and have recently spoken with Advisory Services with input from the REST API Product Owner)

            • There are now scoped admin API Keys (Atlassian is phasing out unscoped admin API Keys and User Tokens).
            • The currently available list of READ scopes does not include "Audit Logs".
            • Therefore you have to use an unscoped admin key to do things like export logs to Splunk or DataDog.
            • Security teams don't usually like you using a read/write "god key" just to pull logs.

             


            John Price added a comment -

            Org API Keys have scope now, so doesn't this just work?

            https://developer.atlassian.com/cloud/admin/scopes/


            Tahaa B added a comment -

            Hello, is there any update on this request? It would be very useful to export our audit logs without giving out an org admin access API key.


            Stefan Papakostopoulos added a comment -

            The requestor here may want to consider sending a webhook outbound from Atlassian to a log collector.

            See the recently released feature: https://support.atlassian.com/security-and-access-policies/docs/learn-more-about-audit-log-webhooks/

              Joe Win
              Votes: 25
              Watchers: 17