Hello all! My name is Sam, and I’m a member of Asana’s Product team. Today, I’m excited to announce the launch of Asana’s new Audit Log API. This new feature is designed to provide admins in Enterprise organizations visibility into key security and compliance events within their organizations. We expect that Enterprise organizations may want to leverage our Audit Log API to:
- Set up proactive alerting with a Security Information and Event Management (SIEM) tool (we also launched an Asana-built Splunk app today, which you can learn more about here!)
- Conduct reactive investigations when a security incident takes place
- Visualize key domain data in aggregate to identify security trends
You can visit the developer docs here for full details around each event and the API endpoint. We’re currently capturing over 75 event types across a range of categories; I included a full list at the bottom of this post. Each event includes standard details like actor and resource, and some events additionally include custom schema specific to the type of event.
The Audit Log API endpoint is accessible to Enterprise organizations and, like our SCIM endpoint, is authenticated via a Service Account. We retain audit logs for 90 days after we capture them, though you can maintain a longer retention period via your SIEM or storage solution of choice.
We expect to add new events over time and we’ll share them on this post when we do, so please do follow this post if you’d like to learn about updates as they come. Thanks, and happy Wednesday!
Full list of events:
- Logins: user_login_succeeded, user_login_failed, user_logged_out
- User Updates: user_invited, user_deprovisioned, user_reprovisioned, user_forgot_password_started, user_password_reset, user_password_changed, user_two_factor_auth_enabled, user_two_factor_auth_disabled
- Content Export: workspace_export_started, search_report_export_started, workspace_teams_export_started, workspace_members_export_started, division_teams_export_started, project_csv_export_started
- Access Control: project_share_link_enabled, project_share_link_disabled, project_view_link_enabled, project_view_link_disabled, team_privacy_settings_changed, team_member_added, team_member_removed, project_member_added, project_member_removed, project_privacy_settings_changed
- Apps: user_app_authorized, user_app_revoked, user_personal_access_token_authorized, user_personal_access_token_revoked, service_account_created, service_account_deleted, service_account_name_changed, team_harvest_integration_enabled, team_harvest_integration_disabled
- Creation: team_created
- Admin Settings: workspace_google_sso_settings_changed, workspace_saml_settings_changed, workspace_saml_url_changed, workspace_password_requirements_changed, workspace_force_password_reset, workspace_guest_invite_permissions_changed, workspace_file_attachment_options_changed, workspace_default_team_privacy_settings_changed, workspace_wide_reporting_enabled, workspace_wide_reporting_disabled, workspace_associated_email_domain_added, workspace_associated_email_domain_removed, workspace_require_two_factor_auth_disabled, workspace_require_two_factor_auth_disabled, workspace_share_links_enabled, workspace_share_links_disabled
- Roles: user_workspace_admin_role_changed, user_division_admin_role_changed
- Deletion: task_deleted, task_permanently_deleted, task_undeleted, project_deleted, project_undeleted, portfolio_deleted, portfolio_undeleted, goal_deleted, goal_undeleted, custom_field_deleted, custom_field_undeleted, message_deleted, message_undeleted, message_permanently_deleted, status_update_deleted, status_update_undeleted, status_update_permanently_deleted, team_deleted, team_undeleted, attachment_deleted, attachment_undeleted, comment_deleted, comment_undeleted
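
As an added example that is not part of the original post or Asana's own code, here is one way the proactive-alerting use case could correlate event types from the list above: it flags an actor who starts a content export shortly after an event that weakens or extends their account access. The event shape (`created_at`, `event_type`, `actor.email`), the 24-hour window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Event type names below are taken from the list in the post.
WEAKENING = {"user_two_factor_auth_disabled", "user_password_reset",
             "user_personal_access_token_authorized", "user_app_authorized"}
WINDOW = timedelta(hours=24)  # assumed correlation window; tune per organization


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def _ev(when, event_type, email):
    # Assumed event shape: created_at, event_type, actor.email
    return {"created_at": when, "event_type": event_type, "actor": {"email": email}}


# Constructed sample events, deliberately out of chronological order.
SAMPLE_EVENTS = [
    _ev("2022-01-12T09:40:00Z", "workspace_export_started", "bob@example.com"),
    _ev("2022-01-12T09:00:00Z", "user_login_succeeded", "alice@example.com"),
    _ev("2022-01-12T09:05:00Z", "user_two_factor_auth_disabled", "bob@example.com"),
    _ev("2022-01-12T10:00:00Z", "project_csv_export_started", "alice@example.com"),
    _ev("2022-01-10T08:00:00Z", "user_personal_access_token_authorized", "carol@example.com"),
    _ev("2022-01-12T08:30:00Z", "search_report_export_started", "carol@example.com"),
]


def exports_after_weakening(events, window=WINDOW):
    """Return one alert per export that follows a weakening event by the same actor."""
    last = {}    # actor email -> (timestamp, event_type) of latest weakening event
    alerts = []
    for ev in sorted(events, key=lambda e: _ts(e["created_at"])):
        actor, etype, ts = ev["actor"]["email"], ev["event_type"], _ts(ev["created_at"])
        if etype in WEAKENING:
            last[actor] = (ts, etype)
        elif etype.endswith("_export_started") and actor in last:
            prev_ts, prev_type = last[actor]
            if ts - prev_ts <= window:  # exports outside the window are ignored
                alerts.append({"actor": actor, "trigger": prev_type, "export": etype,
                               "gap_minutes": int((ts - prev_ts).total_seconds() // 60)})
    return alerts


if __name__ == "__main__":
    for alert in exports_after_weakening(SAMPLE_EVENTS):
        print(alert)
```
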