what events are captured in the audit log

Hi @Trudy Claspill 
Thank you for your prompt response to our question.

I was unable to view the third link, however I believe it is the events described in the 2nd link you provided which are the Events Of Interest we are after, for both Confluence and Jira - thank you.

Our objective is to ingest these cyber-security related events into MS Sentinel Security Information and Event Management (SIEM) for triage and correlation. 

It does appear the Jira audit (link1) has a more product content and workflow focus whereas the Confluence audit (link2) has exactly the events we are looking for.

The Confluence link is supported by a native Sentinel connector.

Q. Are those same audit events available for Jira as well as Confluence, and if so, how?

Events of interest

• User Access 
  • Timestamped User log in/out 
  • Timestamped Admin log in/out
• User and group changes
  • User created, deactivated, or reactivated
  • User details updated
  • User added to or removed from group
  • Group added or deleted
• Global administration changes
  • Global settings changed
  • Site logo changed
  • Color scheme modified
• Permissions changes
  • Global permission added or removed
    • including “anonymous” access
  • Space permission added or removed
    • including “anonymous” access
  • Content restriction added or removed
• Public link changes
  • Enabled or disabled
• Content interaction events 
  • Archived or restored
  • Viewed with Admin Key

Hello Colin,

The first link in my response details the audited events for Jira. If what you seek is not listed then I would assume the events are not audited in Jira. You could try executing actions associated with the events and then check the audit log to confirm.

The third link is will be accessible only to individuals that have specific higher level administrator access, such as Organization Admins. The third link provided by @Prachi Bolar is the documentation about Audit Logs available at that level.

Hi  @Prachi Bolar 

Thanks for the welcome.
Yes that is what @Trudy Claspill had posted above, but thank you for taking the time to reply!

:-)

My struggle was that when you compare the details the two articles say their logging provides, Confluence talks clearly about all the cyber-security-focused events I listed which we want to monitor, whereas the Jira article doesn't even mention most of those events we are interested in, rather, it talks about Jira-workflow-configuration events and even specifically mentions that "... events like users being created or assigned to groups won't include the username of the user who made the change."

The Confluence article clearly states that "The audit log allows administrators to look back at the history of key changes and events that have happened in Confluence." 

whereas the Jira article states "The audit log isn't intended to record all activity in Jira. The audit log is intended to record configuration changes that can impact users and projects."... so not really the same cyber-security-events viewpoint we were looking for.

I was trying to understand if there was any way to get the same "... history of key changes and events that have happened in ..." Jira, as in Confluence?

Unfortunately as a Tech BA, I do not have admin access or easy recourse to the admins who can view what is available at the enterprise level within your provided reference.
I was hoping someone could tell me if what we are seeking is available via that avenue perhaps, and how that would integrate with MS Sentinel SIEM 

 Regards Col. Sanders