Currently, audit events are recorded when an alert itself is enabled or disabled. However, this logging does not extend to individual alert actions.
When navigating to the Alert Actions tab, users can enable or disable specific actions, but these changes are not captured in the audit logs.
This gap has led to issues on our side—for instance, when an action was disabled without our knowledge, the alert still triggered but no notification was sent.
While we have an alert in place to monitor unauthorized changes, it did not capture this scenario due to the lack of logging for action-level modifications.
