Disclaimer: This is a proposal and is subject to changes. Its purpose is to gather feedback.
RFCs are a way for Atlassian to share what we’re working on with our valued developer community.
It’s a document for building shared understanding of a topic. It expresses a technical solution, but can also communicate how it should be built or even document standards. The most important aspect of an RFC is that a written specification facilitates feedback and drives consensus. It is not a tool for approving or committing to ideas, but more so a collaborative practice to shape an idea and to find serious flaws early.
Please respect our community guidelines: keep it welcoming and safe by commenting on the idea not the people (especially the author); keep it tidy by keeping on topic; empower the community by keeping comments constructive. Thanks!
*The scope of this RFC does not cover implementation details and these will be shared in future RFCs.
Summary
Integrate app activity logs into Atlassian audit logs within admin.atlassian.com to enhance monitoring and compliance for Jira and Confluence apps.
- Publish: Sep 23, 2024
- Discuss: Oct 04, 2024
- Resolve: Oct 11, 2024
Problem
Current and prospective cloud customers - especially those in highly regulated industries such as government, finance, or healthcare - require visibility into their app activities to ensure data security and compliance. There are currently no solutions available to customers that would provide any insights into third-party app behaviour.
Providing transparency of app activity is considered a ‘must have’ for enterprise customers’ security teams and is often a prerequisite for their cloud move. This is the outcome of a research exercise run with enterprise customers over the past months.
Solution
We propose to show app API calls for Connect, Forge and 3LO apps through the Atlassian audit logs in admin.atlassian.com which is accessible to cloud enterprise customers or Atlassian Guard Premium subscribers. Such integration will provide org admins with a new view to monitor Jira and Confluence app activities, enabling them to take necessary actions proactively if deemed appropriate.
Admins will be able to search and filter for the app API logs through the UI. To do so, they can use the ‘search’ bar or ‘activities’ filter. The result will show the API calls and related response codes.
Alternatively, admins can choose to register a webhook to stream the API logs to their preferred destination for further analysis, or to integrate them with a threat detection tool they may already use. Finally, there is also the option to use the audit log API.
Adding app API calls to the audit log experience will build trust through improved security and compliance and allow for more apps to be part of a customer’s cloud move.
Benefits we aim to deliver:
- Enhanced Security - proactive monitoring of app activities to identify and mitigate potential threats.
- Compliance and Reporting - allowing for compliance reporting for regulated industries.
- Operational Transparency - granular insights into third-party app API logs to help with troubleshooting and to improve overall operational transparency.
The screenshot below shows how app API calls would appear in a first MVP phase.
Customer Quote
“A lot of customers will still want to integrate this into a SIEM at some point. So from an integration point of view it will be an easier thing to do if it’s all in a central place.”
Ask
We would like to ask our partner community for feedback on the planned app audit log feature, including potential areas of concern.