Audit
Audit entries remain tenant-scoped and answer:
- Who changed this?
- What changed?
- When did it change?
This is the authoritative history surface for control-plane changes.
What gets logged
Audit Logging Heuristic
Logged to audit:
- Configuration changes: Creating, updating, or deleting policies, actions, entities, mitigations
- Access changes: Modifying tenant memberships, roles, or permissions
- Credential operations: Creating or revoking API keys
- Tenant operations: Creating, updating, or switching tenants
- Policy deployments: Enabling or disabling policies in production
Not logged to audit:
- Read operations: Viewing policies, results, or configurations
- Runtime traffic: Individual requests processed by policies
- System metrics: Performance data, health checks, or monitoring
- Session activity: Login attempts, token refreshes, or navigation
- Temporary operations: Draft saves that aren't deployed
The audit log focuses on capturing intentional changes that affect how your system operates, not routine operational data.