Audit Log
The audit log records every action taken by team members and the system.
What's logged
| Category | Examples |
|---|---|
| Auth | Login, logout, failed login, MFA change |
| Team | Member invited, role changed, member removed |
| Monitors | Created, edited, deleted, paused |
| Integrations | Connected, disconnected, credential rotated |
| Scans | Triggered, completed, report downloaded |
| Alerts | Acknowledged, resolved, silenced |
| Settings | API key created/revoked, notification channel added |
| Billing | Plan upgraded/downgraded, invoice paid |
Log entry fields
{
"id": "evt_01HXYZ",
"timestamp": "2025-05-21T14:32:00Z",
"actor": { "id": "usr_abc", "email": "[email protected]", "ip": "1.2.3.4" },
"action": "monitor.created",
"resource": { "type": "monitor", "id": "mon_xyz", "name": "api.myapp.com" },
"workspace_id": "ws_123",
"metadata": { "interval_minutes": 5, "check_type": "http" }
}Retention
| Plan | Retention |
|---|---|
| Free | 7 days |
| Pro | 90 days |
| Enterprise | 1 year (with export) |
Export
Audit logs can be exported as CSV or JSON via:
- UI: Settings → Audit Log → Export
- API:
GET /api/v1/audit-logs?from=…&to=…&format=csv
SIEM integration
Forward audit logs to your SIEM in real-time via the Webhook or Syslog output:
{
"target": "https://siem.mycompany.com/ingest",
"format": "json",
"auth": "Bearer my-siem-token",
"filter": { "severity": ["warning", "critical"] }
}