Integration options for Audit Logs

[janstice]

Problem Statement

We'd like to be able to import platform audit logs (or better still, selected events) into our SIEM to detect things like escalation of account privilege, changes to SSO or MFA settings, integration changes, changes to data scrubbing settings, etc -- the usual things that security teams get excited about (and ask about without fail in security reviews).

Currently the best option here is to build something of the internal undocumented endpoints, which can change without notice - having stable APIs would make things more robust.

Solution Brainstorm

No response

Product Area

Settings - Security & Privacy

[getsantry]

Assigning to @getsentry/support for routing ⏲️

[getsantry]

Routing to @getsentry/product-owners-settings-security-privacy for triage ⏲️

[getsantry]

Routing to @getsentry/product-owners-apis for triage ⏲️

[leedongwei]

We'll try to get the rotational crew to publish the API, but it's quite far down on the priority list so I cannot promise any timelines.