Provide customization options for the Organization Audit Logs webhook body

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: Audit Log
    • None
    • 4

      Regarding the webhook functionality available in the Atlassian Organizations Audit logs:

      At this moment, it provides 2 fields: 

      • Webhook URL
      • Authorisation Header

      While the current options are usually enough to send the payload to their recipient, some tools require additional fields to be included in the payload. 

      For example, when using Splunk HTTP Event Collector (HEC), the endpoint "/services/collector/event" requires the "index" to be specified in the body. Without that information, it fails with a 400 Bad Request error.  

      Suggestion

      Provide an option to include additional information in the body of the webhook payload. 

      Workaround

      For Splunk specifically, it's possible to send the data to HEC using the raw endpoint: 

      https://your-splunk-url.com/services/collector/raw

      It's also possible to consider configuring a Middleware that will transform the data and include the necessary fields: 

      1. Receives the webhook from Atlassian.
      2. The middleware modifies the JSON payload to include the required field and then forwards the modified payload to the target system. 

            Assignee:
            Unassigned
            Reporter:
            Renan Andrade (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: