Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-2357

Provide customization options for the Organization Audit Logs webhook body

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • Audit Log
    • None
    • 2
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Regarding the webhook functionality available in the Atlassian Organizations Audit logs:

      At this moment, it provides 2 fields: 

      • Webhook URL
      • Authorisation Header

      While the current options are usually enough to send the payload to their recipient, some tools require additional fields to be included in the payload. 

      For example, when using Splunk HTTP Event Collector (HEC), the endpoint "/services/collector/event" requires the "index" to be specified in the body. Without that information, it fails with a 400 Bad Request error.  

      Suggestion

      Provide an option to include additional information in the body of the webhook payload. 

      Workaround

      For Splunk specifically, it's possible to send the data to HEC using the raw endpoint: 

      https://your-splunk-url.com/services/collector/raw

      It's also possible to consider configuring a Middleware that will transform the data and include the necessary fields: 

      1. Receives the webhook from Atlassian.
      2. The middleware modifies the JSON payload to include the required field and then forwards the modified payload to the target system. 

            [ACCESS-2357] Provide customization options for the Organization Audit Logs webhook body

              Unassigned Unassigned
              bd4a89fcb3fe Renan Andrade
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: