Skip to main content

Audit Logs

The Activity page provides an audit trail of governance events in your Containment.AI organization for compliance and security monitoring.

Accessing Audit Logs

  1. Navigate to Activity in the sidebar.
  2. Review the event timeline.
  3. Use the tabs, date range, and search to narrow the list.
  4. Click an event to see its details.

Event Structure

Each audit event is described by two core fields:

FieldDescription
TimestampWhen the event occurred
ActionWhat happened (see the action list below)
Resource typeWhat kind of resource was affected (for example, policy, alert, integration)
ActorWho performed the action

Events are identified by a flat action value plus a resource type — not a dotted resource.action event-name taxonomy. If you are building parsing or filtering downstream, match on action and resource_type.

Actions

The action field is one of:

create, update, delete, enable, disable, assign, resolve, mute, trigger, block, redact, login_failed, cancel, reactivate.

Resource Types

resource_type describes the affected resource — for example policy (policy changes), alert (alert lifecycle), and integration (integration changes). Policy-enforcement events on user traffic surface as the trigger / block / redact actions.

Filtering

Tabs

The Activity page groups events into tabs:

  • All — every event
  • Policy — policy configuration changes
  • Alert — alert lifecycle events
  • Violations — enforcement events (trigger / block / redact)
  • Integrations — integration changes

Date Range

Use the date-range selector to limit events to a time window (for example, the last hour, last 24 hours, or a wider range).

The search box matches event text. There is no key:value search syntax — it is a plain-text match.

Sorting

Click a sortable column header to sort; click again to reverse.

Privacy

Audit events contain metadata only:

  • No AI message/prompt content is stored.
  • Events record what happened and to which resource, not the underlying data.

Admin access to logs requires appropriate permissions and should follow least privilege.

Retention

Audit history is visible for the retention window associated with your plan:

PlanRetention
Free30 days
Professional365 days
EnterpriseCustom (12+ months)

This is a visibility window; see the plans overview for details.

Forwarding and Reporting (Roadmap)

  • SIEM forwarding — forwarding audit events into your SIEM is a roadmap capability delivered as a custom engagement. See SIEM Integration.
  • Compliance reports — packaged report generation is not yet a self-serve feature. See Compliance Reports.