Asana’s Audit Suite includes APIs and Apps that support your organization’s security and compliance posture. Asana currently offers:
- An Audit Log API that captures over a hundred security-and-compliance events. This is accessible to Super Admins of Enterprise+ domains, as well as Super Admins of legacy tier Legacy Enterprise domains, with multiple options to leverage a Security Information and Event Management (SIEM) vendor.
- Closed Enterprise APIs that support Data Loss Prevention (DLP), eDiscovery, and Archiving use cases; and several third-party integration partnerships in these areas.
- Support for Cloud Access Security Broker (CASB) vendors.
If you are interested in connecting with a member of our team about Asana’s Audit Suite support, please fill out this form.
Audit Log API
Visit our pricing page for more information.
Asana’s Audit Log API provides super admins access to an immutable log of key events across their organization. Using the Audit Log API, super admins can capture and act upon important security and compliance related changes.
How to use the Audit Log API
Super admins can use Asana’s Audit Log API to:
- Set up proactive alerting with a Security Information and Event Management (SIEM) tool like Splunk
- Conduct reactive investigations when a security incident takes place
- Visualize key domain data in aggregate to identify security trends
Asana’s audit log API includes dozens of events, including:
- Key changes made by admins in the admin console such as
- Critical user access events such as
- Deletion events such as
- Export events such as
- Data and asset management events, such as
For a full list and details around the API endpoint, visit the API documentation
Asana stores audit logs for 90 days from the date of capture. Those who would like a longer retention period may choose to use their SIEM or another storage solution for continuous log ingestion.
Accessing the Audit Log API endpoint
Audit logs are accessible to super admins via service accounts.
To see a detailed description of the audit log API endpoint, check out our developer documentation here.
To learn more about using Asana’s audit log API via Asana’s Splunk integration, visit Splunkbase to begin the installation process.
To learn more about using Asana’s audit log API via Asana’s Panther integration, visit their Asana Apps page.
Data Loss Prevention (DLP)
Customers may wish to regularly scan their Asana instances for data that affects or violates their organization-wide policies.
For example, an organization may wish to conduct a monthly audit to find any instances of passwords being inadvertently entered into Asana tasks.
For developers, Asana currently offers closed APIs that support Data Loss Prevention (DLP) use cases. Please fill out this form if you are interested in learning more.
For detail about Nightfall’s integration with Asana, visit their Asana Apps page.
Customers may wish to pull data from Asana into a third-party eDiscovery tool to proactively plan for or reactively respond to litigation.
Asana offers closed APIs that support eDiscovery use cases. Please fill out this form if you are interested in learning more.
Customers in highly-regulated industries may wish to regularly pull/store objects or events related to changes on objects in Asana.
Asana offers closed APIs that support Archiving use cases. Please fill out this form if you are interested in learning more.
Learn more about Theta Lake's integration with Asana by visiting their Asana Apps page.
Cloud Access Security Broker (CASB)
Customers may wish to control use of Asana via their Cloud Access Security Broker (CASB) provider. Asana currently offers a connector with Netskope and support for setting approved workspaces. Please fill out this form if you’d like help integrating with a CASB provider that is not currently supported.
Please visit this article to learn more about managing approved workspaces.
For detail about Netskope’s integration with Asana, visit the Asana Apps page.