Announcing Asana’s Audit Log API!

Hello all! My name is Sam, and I’m a member of Asana’s Product team. Today, I’m excited to announce the launch of Asana’s new Audit Log API. This new feature is designed to provide admins in Enterprise organizations visibility into key security and compliance events within their organizations. We expect that Enterprise organizations may want to leverage our Audit Log API to:

  1. :rotating_light: Set up proactive alerting with a Security Information and Event Management (SIEM) tool (we also launched an Asana-built Splunk app today, which you can learn more about here!)
  2. :scroll: Conduct reactive investigations when a security incident takes place
  3. :framed_picture: Visualize key domain data in aggregate to identify security trends

You can visit the developer docs here for full details around each event and the API endpoint. We’re currently capturing over 75 event types across a range of categories; I included a full list at the bottom of this post. Each event includes standard details like actor and resource, and some events additionally include custom schema specific to the type of event.

The Audit Log API endpoint is accessible to Enterprise organizations and, like our SCIM endpoint, is authenticated via a Service Account. We retain audit logs for 90 days after we capture them, though you can maintain a longer retention period via your SIEM or storage solution of choice.

We expect to add new events over time and we’ll share them on this post when we do, so please do follow this post if you’d like to learn about updates as they come. Thanks, and happy Wednesday!

Full list of events:

  • Logins : user_login_succeeded, user_login_failed, user_logged_out
  • User Updates : user_invited, user_deprovisioned, user_reprovisioned, user_forgot_password_started, user_password_reset, user_password_changed, user_two_factor_auth_e nabled , user_two_factor_auth _disabled
  • Content Export : workspace_export_started , search_report_export_started , workspace_teams_export_started , workspace_members_export_started, division_teams_export_started , project_csv_export_started
  • Access Control : project_share_link_enabled , project_share_link_disabled , project_view_link_enabled, project_view_link_disabled, team_privacy_settings_changed , team_member_added , team_member_removed , project_member_added , project_member_removed , project_privacy_settings_changed
  • Apps : user_app_authorized, user_app_revoked, user _ personal_access_token_authorized , user _ personal_access_token_revoked , service_account_created, service_account_deleted , service_account_name_changed, team_harvest_integration_enabled , team_harvest_integration_disabled
  • Creation : team_created
  • Admin Settings : workspace_google_sso_ settings_changed, workspace_saml_settings_changed , workspace_saml_url_changed, workspace_password_requirements_changed , workspace_force_password_reset , workspace_guest_invite_permissions_changed , workspace_file_attachment_options_changed , workspace_default_team_privacy_settings_changed , workspace_wide_reporting_enabled, workspace_wide_reporting_disabled, workspace_associated_email_domain_ added, workspace_associated_email_domain_ removed, workspace_require_two_factor_auth_disabled, workspace_require_two_factor_auth_disabled, workspace_share_links_enabled, workspace_share_links_disabled
  • Roles : user_workspace_admin_role_changed, user_division_admin_role_changed
  • Deletion : task_deleted , task_permanently_deleted , task_undeleted , project_deleted , project_undeleted , portfolio_deleted , portfolio_undeleted , goal_deleted , goal_undeleted , custom_field_deleted , custom_field_undeleted, message_deleted , message_undeleted , message_permanently_deleted, status_update _deleted , status_update _undeleted , status_update_permanently_deleted, team_deleted , team_undeleted , attachment_deleted , attachment_undeleted , comment_deleted , comment_undeleted

Hello! Just a quick note to announce that as of today (1/24/22), we’ve started capturing three new audit log events for Enterprise domains: workspace_announcement_created, workspace_announcement_removed, and workspace_default_session_duration_changed. These events are captured in our developer documentation here.


Hello! Another quick note here to announce that as of Friday (2/04/22), we’ve started capturing two more audit log events for Enterprise domains: attachment_downloaded and attachment_uploaded . Like with our other audit log events, more information can be found in our developer documentation here.


Hello again! Just a quick note that as of 3/3/22, we began capturing three new events for Enterprise domains: task_template_deleted, task_template_undeleted, project_template_deleted, and project_template_undeleted. These events are captured in our developer documentation here.

1 Like

Hi all! Just a quick note that we recently began capturing six new audit events to cover new features in Asana. Those are: workspace_form_link_authentication_required_enabled, workspace_form_link_authentication_required_disabled, workspace_app_admin_approval_setting_changed, workspace_personal_access_token_enabled, workspace_personal_access_token_disabled, and workspace_require_app_approvals_of_type_changed. All audit events are captured in our developer documentation here.

1 Like