Viewing Audited Events
To help administrators keep track of various events, Security for Jira places entries in Jira’s Audit Log.
Accessing the Audit Log
From the Jira administration page, select Audit log (under “Administration”) from the sidebar. This brings up the “Advanced audit log” page:
.png?inst-v=64aa6715-901d-4496-b9cc-d6013b5cc2e6)
From here, click on the + More button. A new Categories drop-down will appear. From that, select “Soteri Security for Jira” to view only Security for Jira audit log events. You can expand events to see more details:
.png?inst-v=64aa6715-901d-4496-b9cc-d6013b5cc2e6)
Jira audit log access is only available to Jira Administrators.
Audited Events
The following Security for Jira events are currently recorded in the audit log:
Audit Event Category | Description |
|---|---|
Scanning rule toggled | When a user toggles a built-in rule. |
Global setting changed | When a user changes a setting on the settings page. |
App administrator setting changed | When a user or group is added or removed from the list of users and groups with explicit app access. |
Custom scanning rule created | When a user creates a new custom rule. |
Custom scanning rule updated | When a user changes a custom rule. |
Custom scanning rule deleted | When a user deletes a custom rule. |
Scan finding reviewed | When a user marks a scan finding reviewed. |
Scan finding un-reviewed | When a user unmarks a scan finding reviewed. |
Un-reviewed all scan findings | When a user unmarks all findings reviewed for a project. |
Issue scan triggered | When a user triggers a scan of a specific issue. |
Project scan triggered | When a user triggers a scan of a specific project. |
Whole instance scan triggered | When a user triggers a scan of the entire instance. |
Findings exported | When a user exports findings for a specific project. |
Scheduled scans canceled | When scheduled scans are cancelled by a user. |
Dashboard overview exported | When a user exports the dashboard overview. |
All findings exported | When a user exports all findings. |
False positives exported | When a user exports reviewed findings for a specific project. |
All false positives exported | When a user exports all reviewed findings. |
Attachment scan information exported | When a user exports attachment scan information for a specific project. |
All attachment scan information exported | When a user exports all attachment scan information. |
Globally reviewed false positives exported | When a user exports globally reviewed false positives. |
Globally reviewed false positives changed | When a user changes globally reviewed false positives. |
REST API
Jira provides a REST API for accessing all audit log events. For instance, you can fetch recent audit events with a REST API call that looks like this:
curl -u admin https://{jira.server}/rest/api/auditReference the REST API documentation for your Jira version for more information.
External Integration
The Jira audit log can be integrated with external SIEM tools (like the ELK stack) to do things like notify administrators when Security for Jira settings are changed, or potentially sensitive content is published. Reference Atlassian’s Guide to audit log integration for more information.