I’m implementing some security monitoring for our Buildkite organization. The data in the API Access Audit page is very valuable, but I cannot retrieve similar information via the GraphQL (or REST) API in a way that lets me build automated alerts.
I can work around aspects of this by searching for
USER_API_ACCESS_TOKEN_ORGANIZATION_ACCESS_ADDED events in the audit log, but this is still missing some data. In particular the last used timestamp and IP address information for each token would be very valuable.