Audit log

Track changes to projects, datasets, and settings for compliance and incident response. Maintain complete visibility into system modifications and user actions across your organization.

Comprehensive audit logging is essential for security compliance, incident investigation, and operational transparency. Evaligo automatically captures all significant system events, providing detailed context for security teams and compliance officers.

Audit logs include user actions, system changes, data access patterns, and administrative operations. This comprehensive tracking enables organizations to demonstrate compliance with regulations like SOX, GDPR, and industry-specific requirements.

[Screenshot: Audit log dashboard showing recent activity, user actions, and system events with filtering options]

Event Types

Evaligo captures a comprehensive range of audit events across all system components. Understanding these event types helps teams configure appropriate monitoring and retention policies.

  1. User authentication: login attempts, password changes, and session management events.

  2. Data operations: dataset creation, modification, deletion, and access patterns.

  3. System configuration: settings changes, integration updates, and security policy modifications.

  4. Access control: permission changes, role assignments, and privilege escalations.

Retrieving audit events
from evaligo import Client

client = Client()

# Query recent audit events
events = client.audit.list(
    start_time="2024-01-01",
    end_time="2024-01-31",
    event_types=["user.login", "dataset.created", "project.modified"],
    user_id="user-123",
    limit=100
)

# Filter high-risk events
high_risk_events = client.audit.list(
    severity=["high", "critical"],
    event_types=["user.privilege_escalation", "data.deleted", "security.policy_changed"]
)

for event in high_risk_events:
    print(f"{event.timestamp}: {event.event_type}")
    print(f"  User: {event.user_email}")
    print(f"  Resource: {event.resource_type}/{event.resource_id}")
    print(f"  Details: {event.details}")

Compliance Reporting

Export audit logs for periodic reviews and to satisfy regulatory requirements. Generate comprehensive reports that demonstrate compliance with security policies and regulatory frameworks.

Info

Retention Policies: Configure retention periods based on your industry requirements. Financial services typically require 7+ years, while general business applications may need 1-3 years.

[Screenshot: Compliance report generation interface with export options and scheduled delivery settings]

Regular compliance reporting helps organizations maintain audit readiness and demonstrates due diligence to regulators. Automated reporting can be scheduled to generate and deliver reports to compliance teams on a regular basis.

Generating compliance reports
from evaligo import Client

client = Client()

# Generate quarterly compliance report
report = client.audit.generate_report(
    report_type="compliance",
    time_range="last_quarter",
    include_sections=[
        "executive_summary",
        "access_changes",
        "data_operations",
        "security_events",
        "policy_violations"
    ],
    format="pdf"
)

# Schedule automated reporting
client.audit.schedule_report(
    name="Q1 Compliance Report",
    frequency="quarterly",
    recipients=["compliance@company.com", "ciso@company.com"],
    format="pdf",
    include_raw_data=True
)

# Export raw audit data for external analysis (e.g. loading into a SIEM)
raw_data = client.audit.export(
    start_date="2024-01-01",
    end_date="2024-03-31",
    format="json",
    include_metadata=True
)

Incident Investigation

Correlate audit events with traces and experiment runs to build full context during security incidents. The audit log provides the timeline and context needed for effective incident response.

When investigating security incidents, teams can trace user actions across multiple systems and understand the full scope of potential impact. Cross-referencing audit events with application traces provides complete visibility into system behavior.

Video

Incident Investigation Workflow (5m 15s): Learn how to use audit logs for security incident response

Warning

Incident Response: During active incidents, prioritize securing the environment before conducting detailed forensic analysis. Preserve audit log integrity throughout the investigation process.
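One concrete way to make "preserve audit log integrity" checkable rather than aspirational is to store events as a hash chain and verify the chain before relying on it during an investigation. The block below is an added example, not Evaligo code: each record carries the SHA-256 of the previous record, and `verify_chain` reports the first record at which an edit, re-hash or deletion breaks the chain. The event field names mirror the ones this page's examples print; the sample events are constructed.

```python
# Added example (not Evaligo code): a tamper-evident audit log. Every stored
# record carries the SHA-256 of the previous record, so editing, deleting or
# reordering a historical record is detected when the chain is verified.
# Event field names are assumed to mirror the ones shown on this page.
import copy
import hashlib
import json

GENESIS_HASH = "0" * 64  # "previous hash" for the very first record


def _digest(body: dict) -> str:
    """Hash a record body using canonical JSON so the digest is reproducible."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_event(chain: list, event: dict) -> dict:
    """Append an audit event, linking it to the hash of the previous record."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    body = {"seq": len(chain), "prev_hash": prev_hash, "event": event}
    record = dict(body, hash=_digest(body))
    chain.append(record)
    return record


def verify_chain(chain: list) -> tuple:
    """Return (True, None) if intact, else (False, index of the first bad record)."""
    expected_prev = GENESIS_HASH
    for index, record in enumerate(chain):
        body = {key: value for key, value in record.items() if key != "hash"}
        if (record.get("seq") != index
                or record.get("prev_hash") != expected_prev
                or _digest(body) != record.get("hash")):
            return False, index
        expected_prev = record["hash"]
    return True, None


# Constructed sample events, in the shape this page's examples print.
SAMPLE_EVENTS = [
    {"timestamp": "2024-01-15T09:02:11Z", "event_type": "user.login",
     "user_email": "analyst@example.com", "resource_type": "session",
     "resource_id": "sess-1", "details": {"mfa": True}},
    {"timestamp": "2024-01-15T09:40:27Z", "event_type": "data.deleted",
     "user_email": "analyst@example.com", "resource_type": "dataset",
     "resource_id": "ds-42", "details": {"rows": 12000}},
    {"timestamp": "2024-01-15T10:05:03Z", "event_type": "security.policy_changed",
     "user_email": "admin@example.com", "resource_type": "policy",
     "resource_id": "pol-7", "details": {"setting": "export_approval"}},
]


def build_sample_chain() -> list:
    chain = []
    for event in SAMPLE_EVENTS:
        append_event(chain, event)
    return chain


def tamper_scenarios() -> dict:
    """Verification results for an intact chain and three modified copies."""
    intact = build_sample_chain()

    # 1. A stored record is edited in place (its hash is left untouched).
    edited = copy.deepcopy(intact)
    edited[1]["event"]["event_type"] = "dataset.accessed"

    # 2. Same edit, but the record's own hash is recomputed to match;
    #    the next record still links to the old hash, so it fails there.
    rehashed = copy.deepcopy(intact)
    rehashed[1]["event"]["event_type"] = "dataset.accessed"
    body = {k: v for k, v in rehashed[1].items() if k != "hash"}
    rehashed[1]["hash"] = _digest(body)

    # 3. A record is removed entirely; sequence numbers and links no longer line up.
    truncated = copy.deepcopy(intact)
    del truncated[1]

    return {
        "intact": verify_chain(intact),
        "edited": verify_chain(edited),
        "rehashed": verify_chain(rehashed),
        "truncated": verify_chain(truncated),
    }


if __name__ == "__main__":
    for name, result in tamper_scenarios().items():
        print(f"{name:>9}: {result}")
```

The chain only proves that nothing changed after the record was written; it does not protect the writer itself. In practice the head hash is periodically anchored somewhere the log's administrators cannot rewrite (a separate system, a signed timestamp, or a write-once store), which is what turns this from tamper-evident into tamper-evident against insiders.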

Forensic Analysis

Use advanced filtering and correlation features to reconstruct incident timelines. The audit log provides detailed context about user actions, system changes, and data access patterns that occurred before, during, and after security events.

[Screenshot: Incident investigation interface showing timeline view with correlated events and affected resources]

Incident correlation analysis
from evaligo import Client

client = Client()

# Investigate suspicious activity: scope to one user and a 24-hour window,
# and apply named correlation rules to the events in that window
incident_timeline = client.audit.investigate(
    incident_id="inc-2024-001",
    user_id="suspicious-user-456",
    time_window_hours=24,
    correlation_rules=[
        "data_access_after_hours",
        "privilege_escalation",
        "unusual_export_volume"
    ]
)

# Find related application traces in the same window
related_traces = client.traces.search(
    user_id="suspicious-user-456",
    start_time=incident_timeline.start_time,
    end_time=incident_timeline.end_time,
    include_metadata=True
)

# Generate incident report from the correlated timeline
incident_report = client.audit.incident_report(
    incident_id="inc-2024-001",
    affected_resources=incident_timeline.resources,
    timeline=incident_timeline.events,
    impact_assessment="high"
)

Retention and Archival

Set retention policies appropriate for your industry and risk posture. Balance compliance requirements with storage costs and operational efficiency while maintaining the ability to investigate historical incidents.

Tip

Tiered Storage: Implement tiered storage strategies where recent logs are immediately accessible, while older logs are archived to cost-effective storage with longer retrieval times.
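The retention figures in the Info callout above and this tiered-storage tip combine into one policy decision per event: keep it hot, move it to archive, or let it expire. The block below is an added example, not Evaligo code, that makes that decision over constructed events and also shows the edge case that makes retention harder than a cutoff date: events tied to an open investigation must be held regardless of age. The hot-tier lengths, the legal-hold rule and the exact day counts are assumptions built from the ranges this page quotes.

```python
# Added example (not Evaligo code): a retention planner that assigns each audit
# event to a storage tier by age. The policy numbers are assumptions built from
# the ranges this page quotes (7+ years for financial services, 1-3 years for
# general business); hot-tier lengths and the legal-hold rule are also assumed.
from datetime import datetime, timedelta, timezone

RETENTION_POLICIES = {
    "financial_services": {"hot_days": 90, "retention_days": 7 * 365},
    "general_business": {"hot_days": 30, "retention_days": 3 * 365},
}


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def tier_for(event_time: datetime, now: datetime, policy: dict, on_hold: bool = False) -> str:
    """hot: immediately queryable; archive: cheaper, slower storage; expire: delete.
    Events tied to an open investigation are held regardless of age."""
    if on_hold:
        return "hold"
    age = now - event_time
    if age <= timedelta(days=policy["hot_days"]):
        return "hot"
    if age <= timedelta(days=policy["retention_days"]):
        return "archive"
    return "expire"


def plan_retention(events, industry, now, legal_hold_ids=frozenset()):
    """Group event ids by the tier they belong in under the industry policy."""
    policy = RETENTION_POLICIES[industry]
    plan = {"hot": [], "archive": [], "expire": [], "hold": []}
    for event in events:
        tier = tier_for(parse_ts(event["timestamp"]), now, policy,
                        on_hold=event["id"] in legal_hold_ids)
        plan[tier].append(event["id"])
    return plan


# Constructed sample events and evaluation date.
NOW = datetime(2024, 4, 1, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    {"id": "e1", "timestamp": "2024-03-15T12:00:00Z", "event_type": "user.login"},
    {"id": "e2", "timestamp": "2023-12-01T12:00:00Z", "event_type": "dataset.created"},
    {"id": "e3", "timestamp": "2020-01-01T12:00:00Z", "event_type": "project.modified"},
    {"id": "e4", "timestamp": "2015-06-01T12:00:00Z", "event_type": "data.deleted"},
]


def run_demo():
    """Same events under both policies; e4 is on legal hold in the first run only."""
    return {
        "general_business": plan_retention(
            SAMPLE_EVENTS, "general_business", NOW, legal_hold_ids={"e4"}),
        "financial_services": plan_retention(
            SAMPLE_EVENTS, "financial_services", NOW),
    }


if __name__ == "__main__":
    for industry, plan in run_demo().items():
        print(industry, plan)
```

Running the planner on a schedule and acting on the `expire` list is the deletion half of retention; the `hold` check is what keeps that job from destroying evidence for an incident that is still being worked.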

Related Documentation

SSO & RBAC
Configure identity and access management
Compliance & Policies
Establish security policies and compliance frameworks
API Keys
Manage API access and authentication
Data Deletion
Handle sensitive data and deletion requests