Audit Log API

Overview

Asana’s Audit Log API provides admins in Enterprise organizations access to an immutable log of key events across their organization. Using the Audit Log API, super admins can capture and act upon important security and compliance related changes.

How to use the Audit Log API

Super admins in Enterprise organizations can use Asana’s Audit Log API to:

1. Set up proactive alerting with a Security Information and Event Management (SIEM) tool like Splunk
2. Conduct reactive investigations when a security incident takes place
3. Visualize key domain data in aggregate to identify security trends

Event categories

Asana’s audit log API includes dozens of events, including:

1. Key changes made by admins in the admin console such as workspace_export_started, workspace_password_requirements_changed, and user_workspace_admin_role_changed
2. Critical user access events such as user_login_succeeded, user_login_failed, user_invited,and team_member_added
3. Deletion events such as task_deleted, task_undeleted, and portfolio_deleted
4. Export events such as project_csv_export_initiated and workspace_teams_export_started
5. Data and asset management events, such as attachment_uploaded and attachment_downloaded

For a full list and details around the API endpoint, visit the API documentation

Retention period

Asana stores audit logs for 90 days from the date of capture. Those who would like a longer retention period may choose to use their SIEM or another storage solution for continuous log ingestion.

Accessing the audit log API endpoint

Audit logs are accessible to super admins of Enterprise organizations via service accounts.

To see a detailed description of the audit log API endpoint, check out our developer documentation here.

To learn more about using Asana’s audit log API via Asana’s Splunk integration, visit Splunkbase to begin the installation process.