Audit Log & Compliance
Immutable, hash-chained audit log for SOC 2, ISO 27001, and NIS2 compliance.
Logged Events
Every action is recorded: user management, workspace settings, node changes, API key rotations, incidents, alert channels, mitigation rules, allowlist changes, runbooks, and billing events. Each entry includes timestamp, actor, action, resource, IP address, and JSON metadata.
Hash Chain
Each entry's SHA-256 hash is computed from the previous entry's hash plus all fields, creating a tamper-evident chain. Any modification breaks the chain and is detectable.
Searching and Filtering
Filter by time range (24h, 7d, 30d, all), actor, action type, resource, and IP address. Paginated at 50 per page.
Export
Export filtered results as CSV (up to 10,000 rows). Columns: Timestamp, Actor, Action, Resource Type, Resource ID, IP Address, Details.
Compliance Mapping
- SOC 2 CC6.1: Access security events logged with actor, action, timestamp, source IP
- SOC 2 CC7.2: Security event monitoring (incidents, threshold crossings)
- ISO 27001 A.12.4.1: Event logs for user activities and security events
- ISO 27001 A.12.4.2: Log protection against tampering (hash chain)
- NIS2 Article 23: Incident reporting supported via NIS2 Report Generator
Data Retention
Retention depends on your plan. Entries beyond the limit are automatically purged.