Summary

Enhance Audit Logs to track internal Atlassian system actions and ensure log consistency across platforms.

Description

Customers require greater transparency and traceability for actions performed by Atlassian's internal systems. A recent incident involved the automatic removal of the site-admins group from a Confluence sandbox site, which was caused by a backend system change. The customer's audit log showed a generic System user as the actor, making it impossible for them to identify the specific cause of the issue.

Furthermore, the customer noted a critical discrepancy: the event was visible in their Confluence site's audit log but was not reflected in the centralized Atlassian Admin Console's audit log.

This lack of detail and inconsistency is a significant security and governance concern for our customers, as they cannot fully audit all changes to their environment, even those initiated by Atlassian.

Suggested Features

• Detailed Internal System Logging: Improve the granularity of audit logs to capture more specific information about actions performed by internal Atlassian systems (e.g., `atlassian-internal-system`). The log should ideally identify the specific internal process or service that triggered the event.
• Log Parity: Ensure that all relevant audit events, especially those involving critical security groups and permissions, are consistently recorded in both the individual product's audit log (e.g., Confluence) and the unified Atlassian Admin Console's audit log.
• Actionability: Provide documentation or a clear mechanism for customers to understand what "System" and "atlassian-internal-system" actors represent.

Expected Outcome

Implementing these features would allow customers to:

• Maintain a complete and accurate record of all changes to their instance, including those initiated by Atlassian.
• More effectively investigate security-related issues and ensure compliance.
• Increase customer trust by providing greater transparency into platform operations.