Jira & Confluence Audit Records

Supported OS Linux Windows Mac OS

Overview

If you have additional bug reports, please out to Datadog support with any feedback.

Atlassian’s Jira and Confluence audit records provide comprehensive records of significant activities across user management, project and space configuration, system settings, and authentication events.

This integration brings these audit logs into Datadog, allowing you to manage risks, understand operational trends, and secure your Atlassian environments more effectively with Cloud SIEM. In addition, you can:

  • Control your Jira and Confluence data retention.
  • Build custom widgets and dashboards.
  • Set up detection rules that trigger specific actions.
  • Cross-reference Jira and Confluence events with the data from other services.

These logs include information around:

  • User Management: Creation, deletion, and modification of user accounts. This includes password changes, group membership changes, and changes in user permissions.
  • Project Configuration: Creation, deletion, and updates to projects, including changes to project roles, workflows, issue types, and project permissions.
  • Space and Page Activities: Creation, deletion, and updates to spaces and pages. This might include changes to space permissions, page edits, and moves.
  • System Configuration: Changes to Jira and Confluence settings, such as general configurations, global permissions, application links, and add-on settings.
  • Authentication and Authorization: Login attempts (successful and failed), logout events, and changes to access control lists.

After parsing your Jira and Confluence logs, Datadog then populates the Jira Audit Records and Confluence Audit Records dashboards with insights into security-related events. Widgets include toplists that show the most frequent and infrequent events, and a geolocation map that shows you the country of origin of sign-in attempts.

Setup

  1. From the Configure tab of the Atlassian Audit Records tile, click the Add Atlassian Account button.
  2. Follow the instructions on the Atlassian Audit Records tile to authenticate the integration using OAuth with an Atlassian Administrators Account.

Installation

Data Collected

Metrics

Atlassian Audit Records does not include any metrics.

Service Checks

Atlassian Audit Records does not include any service checks.

Events

Atlassian Audit Records does not include any events.

Logs

Datadog’s Atlassian Audit Records integration collects logs using Jira’s Audit Record API, Confluence’s Audit Record API, or both, which generate logs related to user activity that allow insight into:

  • Which users are making requests in Jira, Confluence, or both
  • What type of requests are being made
  • The total number of requests made

For more granular details on the properties included in each log visit the Response Section of Confluence Audit Records API Docs or the Response Section of the Jira Audit Records API Docs. To view these categories in the docs linked above, use the following steps:

  1. In the Response section underneath AuditRecords Container for a list of audit records, click the Show child properties button. A list of Child properties for the API response appears.
  2. Click the arrow next to Records.
  3. Click the Show child properties button that appears.
  4. Another list of child properties included in each log appears. You can then click the dropdown next to each log key to learn more.

Troubleshooting

After I click Authorize, I get error messages from Atlassian

If you select a log type that your account doesn’t have access to, you may see an error screen from Atlassian with the message:

Something went wrong 
Close this page and try again, or raise a support request.

In this case, navigate back to the Atlassian tile in Datadog. Then, select the log type that your account can access and reauthorize the account.

I’m authenticated to an account, but I’m not seeing logs from all environments.

Currently, you have to authenticate for each site separately. For example, if you’re an administrator for multiple sites, you’d need to authenticate for each site separately which is an Atlassian known issue.

Is CORS allowlisting supported?

Yes, for more details see this section of the Atlassian Docs.

I installed this integration before 07/02/2024 and am not seeing any logs.

If you installed this integration before 07/02/2024, you might be affected by a known bug. To resolve this, you may need to reinstall the integration. This involves deleting the current account and reauthenticating using an account with admin privileges for Confluence, Jira, or both.

Need help?