Generally speaking, when an Anonymous entry is shown in the Audit logs, those entries could refer to operations performed by Bitbucket itself.

An example of such behavior would be when using an external user directory, any changes done on the LDAP host that needs to be mirrored on Bitbucket will be recorded as an anonymous user.

So, there are multiple behaviors that can lead to Anonymous entries showing in the audit logs:

• Bitbucket performing some actions in the background that will use the API (like the AD changes provided as example).
• An user trying to access resources while not logged in. This can happen if the cookie has expired or if an user tries to paste a URL in a private window.
• Users browsing public accessible repositories.

Even though expected, Bitbucket would log their own actions as "anonymous" on Audit logs.

It would be good if we had something to identify Bitbucket as the owner for those actions.