Audit Logs
The Activity page provides a comprehensive audit trail of all events in your Containment.AI organization for compliance and security monitoring.
What's Logged
Containment.AI logs:
User Activity
- AI platform interactions
- Policy triggers
- Extension connections/disconnections
- Login events
Admin Activity
- Configuration changes
- Policy modifications
- User management actions
- Exception grants
System Events
- Integration updates
- Scheduled tasks
- Error events
- Maintenance activities
Accessing Audit Logs
- Navigate to Activity in the sidebar
- View the event stream
- Use filters to find specific events
- Click events for details
Event Structure
Each log entry contains:
| Field | Description |
|---|---|
| Timestamp | When the event occurred |
| Event Type | Category of event |
| Actor | Who performed the action |
| Action | What happened |
| Target | What was affected |
| Details | Additional context |
| IP Address | Origin of the action |
Event Types
Alert Events
- alert.created - New alert generated
- alert.acknowledged - Admin acknowledged alert
- alert.resolved - Alert marked resolved
- alert.dismissed - Alert dismissed
Policy Events
- policy.enabled - Policy turned on
- policy.disabled - Policy turned off
- policy.modified - Policy settings changed
- policy.created - New policy created
User Events
- user.invited - Invitation sent
- user.activated - User completed setup
- user.deactivated - User removed
- user.login - User signed in
Admin Events
- admin.invited - Admin invitation sent
- admin.permissions_changed - Permissions modified
- admin.removed - Admin removed
Integration Events
- integration.connected - New integration
- integration.disconnected - Integration removed
- integration.sync - Data synchronized
Filtering Logs
Quick Filters
- All Events - Everything
- Alerts - Alert-related events
- Policies - Policy changes
- Users - User activity
- Admin - Administrative actions
Advanced Filters
| Filter | Options |
|---|---|
| Date Range | Today, This Week, Custom |
| Event Type | Select specific types |
| Actor | Specific user or admin |
| Action | Specific action |
| Severity | Info, Warning, Critical |
Search Syntax
actor:admin@company.com action:policy.modified
Event Details
Click any event to see full details:
Summary
- Event description
- Timestamp with timezone
- Actor information
Before/After
For changes, see:
- Previous state
- New state
- What changed
Context
- Related events
- Affected resources
- IP and device info
Raw Data
- Complete JSON payload
- Technical details
- API request/response
Compliance Features
Immutability
Audit logs cannot be modified or deleted:
- Write-once storage
- Cryptographic verification
- Tamper detection
Retention
| Plan | Retention |
|---|---|
| Free | 30 days |
| Professional | 365 days |
| Enterprise | Custom (12+ months) |
Export
Export logs for compliance:
- Apply desired filters
- Click Export
- Choose format (CSV, JSON, PDF)
- Download or schedule delivery
Compliance Reports
(Enterprise) Generate compliance reports:
- SOC 2 activity reports
- HIPAA access logs
- GDPR data access records
Real-Time Monitoring
Live Feed
Watch events as they happen:
- Click Live toggle
- Events stream in real-time
- Pause to investigate
Alerts
Set up notifications for events:
- Go to Settings > Notifications
- Configure event triggers
- Choose delivery method
Integration with SIEM
(Enterprise) Forward logs to your SIEM:
- Splunk
- Sumo Logic
- Datadog
- Custom webhook
See SIEM Integration for setup.
Best Practices
Regular Review
- Check logs daily for security
- Review admin actions weekly
- Audit access monthly
Investigation
- Use filters to narrow scope
- Correlate related events
- Document findings
Compliance
- Export regularly for archives
- Maintain chain of custody
- Test log completeness
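One way to support the admin review and event correlation practices above, added here as an example (it is not Containment.AI code): pair each policy.disabled event in a JSON export with the next policy.enabled for the same target, and report how long the policy was off or that it was never re-enabled. The JSON key names and the sample records are assumptions constructed for illustration; check them against a real export.

```python
import json
from datetime import datetime

# Constructed sample export. The key names (timestamp, actor, action, target)
# are assumptions modelled on the fields in the Event Structure table; the
# action values follow the page's search syntax (action:policy.modified).
SAMPLE_EXPORT = json.dumps([
    {"timestamp": "2024-05-06T09:00:00+00:00", "actor": "admin@company.com",
     "action": "policy.disabled", "target": "policy-a"},
    {"timestamp": "2024-05-06T09:20:00+00:00", "actor": "admin@company.com",
     "action": "policy.enabled", "target": "policy-a"},
    {"timestamp": "2024-05-07T14:00:00+00:00", "actor": "ops@company.com",
     "action": "policy.disabled", "target": "policy-b"},
    {"timestamp": "2024-05-07T15:00:00+00:00", "actor": "admin@company.com",
     "action": "admin.permissions_changed", "target": "ops@company.com"},
])

def policy_gaps(events):
    """Pair each policy.disabled with the next policy.enabled for the same target.

    Returns (closed, still_open): closed lists every window in which a policy
    was off; still_open maps target -> disable event for policies that were
    never re-enabled within the export.
    """
    events = sorted(events, key=lambda e: datetime.fromisoformat(e["timestamp"]))
    still_open, closed = {}, []
    for ev in events:
        if ev["action"] == "policy.disabled":
            still_open.setdefault(ev["target"], ev)  # keep the earliest disable
        elif ev["action"] == "policy.enabled" and ev["target"] in still_open:
            start = still_open.pop(ev["target"])
            gap = (datetime.fromisoformat(ev["timestamp"])
                   - datetime.fromisoformat(start["timestamp"]))
            closed.append({"target": ev["target"], "disabled_by": start["actor"],
                           "enabled_by": ev["actor"], "gap": gap})
    return closed, still_open

if __name__ == "__main__":
    closed, still_open = policy_gaps(json.loads(SAMPLE_EXPORT))
    for w in closed:
        print(f"{w['target']}: off for {w['gap']} (disabled by {w['disabled_by']})")
    for target, ev in still_open.items():
        print(f"{target}: disabled by {ev['actor']} at {ev['timestamp']}, not re-enabled")
```

Policies left in the second list at the end of a review period are the ones to follow up with the actor who disabled them.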
Privacy
Audit logs:
- Do not contain message content
- Show metadata only
- Protect user privacy
Admin access to logs:
- Requires appropriate permissions
- Is itself logged
- Should follow least privilege
Related Topics
- Compliance Reports - Generate reports
- Understanding Alerts - Alert events
- SIEM Integration - Log forwarding