Audit Logs
The Activity page provides an audit trail of governance events in your Containment.AI organization for compliance and security monitoring.
Accessing Audit Logs
- Navigate to Activity in the sidebar.
- Review the event timeline.
- Use the tabs, date range, and search to narrow the list.
- Click an event to see its details.
Event Structure
Each audit event is described by two core fields:
| Field | Description |
|---|---|
| Timestamp | When the event occurred |
| Action | What happened (see the action list below) |
| Resource type | What kind of resource was affected (for example, policy, alert, integration) |
| Actor | Who performed the action |
Events are identified by a flat action value plus a resource type — not a dotted resource.action event-name taxonomy. If you are building parsing or filtering downstream, match on action and resource_type.
Actions
The action field is one of:
create, update, delete, enable, disable, assign, resolve, mute, trigger, block, redact, login_failed, cancel, reactivate.
Resource Types
resource_type describes the affected resource — for example policy (policy changes), alert (alert lifecycle), and integration (integration changes). Policy-enforcement events on user traffic surface as the trigger / block / redact actions.
Filtering
Tabs
The Activity page groups events into tabs:
- All — every event
- Policy — policy configuration changes
- Alert — alert lifecycle events
- Violations — enforcement events (
trigger/block/redact) - Integrations — integration changes
Date Range
Use the date-range selector to limit events to a time window (for example, the last hour, last 24 hours, or a wider range).
Search
The search box matches event text. There is no key:value search syntax — it is a plain-text match.
Sorting
Click a sortable column header to sort; click again to reverse.
Privacy
Audit events contain metadata only:
- No AI message/prompt content is stored.
- Events record what happened and to which resource, not the underlying data.
Admin access to logs requires appropriate permissions and should follow least privilege.
Retention
Audit history is visible for the retention window associated with your plan:
| Plan | Retention |
|---|---|
| Free | 30 days |
| Professional | 365 days |
| Enterprise | Custom (12+ months) |
This is a visibility window; see the plans overview for details.
Forwarding and Reporting (Roadmap)
- SIEM forwarding — forwarding audit events into your SIEM is a roadmap capability delivered as a custom engagement. See SIEM Integration.
- Compliance reports — packaged report generation is not yet a self-serve feature. See Compliance Reports.
Related Topics
- Compliance Reports - Reporting roadmap and the audit-event timeline
- Understanding Alerts - Alert events
- SIEM Integration - Log-forwarding roadmap