Status Backlog
Created by Guest
Created on May 22, 2025

API/Webhook export of Audit logs

Have the option to be notified/export audit logs. This can be via webhooks and/or a dedicated API endpoint. This is useful for:

  1. Monitor changes in workspace configuration on internal dashboards

  2. Add logs into SIEM platforms like Sentinel

  • Guest
    Feb 23, 2026

    Comment from a support agent:

    I’ve done some digging into our internal roadmap and can confirm that a dedicated Audit Log API for SIEM ingestion, specifically for platforms like Microsoft Sentinel, is currently an open feature request.

    While we have the manual viewer you found in our Help Center, we don't yet have a native streaming endpoint or a dedicated /audit-logs API to handle this programmatically. You can add your vote to this open feature request here: https://front.ideas.aha.io/ideas/PRD-I-8512

    In the meantime, most teams looking for this level of visibility use our Events API to build a custom bridge: https://dev.frontapp.com/reference/get-event

    While it isn't a pre-packaged audit log, it does capture teammate activity and conversation events that can be piped into your SIEM for monitoring changes in your workspace configuration.

  • Guest
    Feb 23, 2026

    +1 on this.
    Note: We don't use Sentinel but another SIEM. We don't think Front should implement a Sentinel-specific integration but rather a dedicated Audit Logs API endpoint and/or webhooks.

    Most providers usually provide 1 or 2 of the following 3 things:

    1. Audit Logs API (1Password, Slack, Google, Atlassian, Jira, Confluence, GitHub, Salesforce, Microsoft Defender for Endpoint, Cloudflare, etc.). This is now the industry standard. This requires building the Audit Log fetcher, but most SIEM solutions then take the time to add the API integrations natively on their side (ex: Datadog SIEM Integrations, Splunk Integrations, etc.).

    2. Some providers also allow push streaming (requires adding middleware that transforms the data to the SIEM-compatible format), either:

      • To an S3-compatible bucket (Datadog Audit trail, AWS CloudTrail, Jamf Protect, GitHub, Cloudflare, Tailscale, etc.),

      • or through a Webhook (Jamf Protect, Jamf Pro, Stripe, Auth0).

    3. A few providers provide direct log streaming from provider to SIEM, which is really old school as it requires each provider to maintain many SIEM providers.

      • Jamf Pro Legacy Enterprise supports only Splunk.

      • GitHub only supports Splunk and Datadog through this method.

      • Auth0 supports a number of vendors because it has a marketplace so the integration is performed by 3rd parties.

      • Tailscale supports Datadog, Splunk, Panther, Elasticsearch.
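
Added example (not part of the thread and not Front's code): a sketch of the pull-style "custom bridge" the support agent describes and the "Audit Log fetcher" from option 1, showing checkpointed polling with de-duplication and NDJSON output for a SIEM. The response field names (`_results`, `_pagination.next`, `id`, `type`, `emitted_at`), newest-first page ordering, the `source` label and the offline `fetch_page` stand-in are assumptions; the sample events are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample pages keyed by page cursor. Field names (_results,
# _pagination.next, id, type, emitted_at) are assumptions about the response shape.
SAMPLE_PAGES = {
    None: {"_pagination": {"next": "p2"}, "_results": [
        {"id": "evt_4", "type": "assign", "emitted_at": 1700000300.0},
        {"id": "evt_3", "type": "tag", "emitted_at": 1700000200.0}]},
    "p2": {"_pagination": {"next": "p3"}, "_results": [
        {"id": "evt_3", "type": "tag", "emitted_at": 1700000200.0},  # repeated across pages
        {"id": "evt_2", "type": "archive", "emitted_at": 1700000100.0},  # checkpoint second, unseen
        {"id": "evt_1", "type": "comment", "emitted_at": 1700000100.0}]},  # already shipped
    "p3": {"_pagination": {"next": None}, "_results": [
        {"id": "evt_0", "type": "move", "emitted_at": 1700000000.0}]},
}

def fetch_page(cursor):
    """Offline stand-in for the authenticated HTTP GET a real bridge would make."""
    return SAMPLE_PAGES[cursor]

def collect(fetch, checkpoint, max_pages=100):
    """Return (new events oldest-first, new checkpoint); assumes newest-first pages."""
    fresh, cursor = {}, None
    for _ in range(max_pages):
        page = fetch(cursor)
        results = page.get("_results", [])
        for ev in results:
            ts, eid = ev["emitted_at"], ev["id"]
            if ts > checkpoint["ts"] or (ts == checkpoint["ts"] and eid not in checkpoint["ids"]):
                fresh[eid] = ev  # keyed by id, so repeats across pages collapse
        cursor = page.get("_pagination", {}).get("next")
        # Stop when pages run out or this page already reaches behind the checkpoint.
        if cursor is None or any(e["emitted_at"] < checkpoint["ts"] for e in results):
            break
    events = sorted(fresh.values(), key=lambda e: (e["emitted_at"], e["id"]))
    if not events:
        return events, checkpoint
    last = events[-1]["emitted_at"]
    ids = {e["id"] for e in events if e["emitted_at"] == last}
    if last == checkpoint["ts"]:
        ids |= set(checkpoint["ids"])  # keep ids already shipped in that same instant
    return events, {"ts": last, "ids": sorted(ids)}

def to_ndjson(events):
    """One JSON object per line, with an ISO 8601 UTC timestamp, for SIEM ingestion."""
    return "\n".join(json.dumps({
        "timestamp": datetime.fromtimestamp(e["emitted_at"], timezone.utc).isoformat(),
        "event_id": e["id"], "action": e["type"], "source": "front_events_api"},
        sort_keys=True) for e in events)
```

Persist the returned checkpoint only after the SIEM has accepted the batch, so a failed delivery is retried rather than silently skipped.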