Audit & Compliance

Required Permissions: Admin or SuperUser role
Security Level: High
Estimated Time: 12 minutes

The Audit & Compliance section gives you visibility into everything that happens in your tenant — who did what, when, and from where. You monitor activity through a real-time dashboard, drill into individual events, generate compliance reports for regulatory frameworks, and set up alerts for critical actions. Access it at Admin Portal → Audit & Compliance.

Prerequisites

  • Your account holds an Admin or SuperUser role.
  • Your subscription includes the Audit Access feature.

Overview

The Audit & Compliance page is organized into four tabs:

| Tab | Purpose |
| --- | --- |
| Dashboard | At-a-glance metrics, event category breakdown, and recent high-severity events. |
| Event Viewer | Searchable, filterable table of every audit event with export capabilities. |
| Compliance Reports | Generate, download, and manage compliance reports for SOX, GDPR, HIPAA, ISO 27001, and PCI DSS. |
| Alerts Config | Create rules that notify administrators when specific event patterns occur. |

Dashboard

The Dashboard tab gives you a summary of audit activity for a selected time range.

Time range

Use the dropdown at the top to switch between Last 24 Hours, Last 7 Days, and Last 30 Days. Click the refresh button to update the data.

Metrics

Four cards display key numbers for the selected period:

  • Total Events — the count of all recorded audit events.
  • Critical & Error — combined count of events at CRITICAL or ERROR severity.
  • Warnings — count of WARNING-level events.
  • Active Users — the number of distinct users who triggered events.

Event categories

Below the metrics, colored chips break down events by category — for example AUTH, USER_MGMT, DATA_ACCESS, FILE_OPS, PERMISSION, and more. This helps you quickly spot where activity concentrates.

Most active operations

A ranked list of the five most frequent event types in the period, showing how many times each occurred.

Recent high-severity events

If any CRITICAL or ERROR events occurred in the period, the most recent five appear at the bottom with their timestamps, categories, and descriptions.

Event Viewer

The Event Viewer is a detailed, paginated table of audit events.

Searching and filtering

Click Show Filters to reveal the filter panel:

  • Search — free-text search across event descriptions and types.
  • Category — filter by one or more event categories (AUTH, USER_MGMT, DATA_ACCESS, FILE_OPS, SUBSCRIPTION, PERMISSION, API_ACCESS, INFRASTRUCTURE, COMPLIANCE, SYSTEM).
  • Severity — filter by severity level (INFO, WARNING, ERROR, CRITICAL).
  • Date range — set a start and end date to narrow the window.
  • Clear Filters resets all filters to their defaults.

Reading event details

Each row in the table shows the timestamp, category, event type, severity, acting user, and a short description. Click a row to expand it and reveal additional detail:

  • Event ID — unique identifier for the event.
  • Action and description — what happened.
  • IP address and user role — who acted and from where.
  • Stack name and region — which infrastructure stack, if relevant.
  • Request ID, session ID — for correlation with backend logs.
  • Compliance tags — regulatory tags attached to the event (e.g., SOX, GDPR).
  • Metadata — a JSON block of additional context.

Exporting events

Click Export and choose a format:

  • CSV — comma-separated values for spreadsheet analysis.
  • Excel (.xlsx) — formatted spreadsheet.
  • JSON — structured data for programmatic processing.

The export respects your current filters, so you can narrow the data before downloading.

Compliance Reports

The Compliance Reports tab lets you generate formal reports against industry frameworks.

Generating a report

  1. Click Generate Report.
  2. Select a report type: SOX, GDPR, HIPAA, ISO 27001, PCI DSS, or Custom.
  3. Enter a report name that describes the scope (e.g., "Q1 2026 SOX Audit").
  4. Set the start date and end date for the reporting period.
  5. Click Generate. The report enters a Pending state and progresses to Generating, then Completed (or Failed if an error occurs).

The page polls automatically while reports are being generated.

Downloading and managing reports

  • Click Download on any completed report to retrieve the file.
  • Click Delete to remove a report you no longer need.
  • Select multiple reports with checkboxes and use Delete (n) for bulk removal.

Report types

| Type | What it covers |
| --- | --- |
| SOX | Financial controls, data integrity, and access logs relevant to Sarbanes-Oxley compliance. |
| GDPR | Personal data access, modifications, and deletion events for General Data Protection Regulation. |
| HIPAA | Protected health information access and handling events for HIPAA compliance. |
| ISO 27001 | Information security management events aligned with ISO 27001 controls. |
| PCI DSS | Payment card data access and security events for PCI Data Security Standard. |
| Custom | A general-purpose report using your chosen date range without a predefined framework filter. |

Alerts Configuration

Alerts notify your administrators when specific types of events occur, helping you respond to security issues in real time.

Creating an alert

  1. Click Create Alert (or the add button).
  2. Enter a name and optional description.
  3. Select one or more event categories the alert should monitor.
  4. Set a severity threshold — the alert triggers only for events at or above this level (WARNING, ERROR, or CRITICAL).
  5. Select one or more notification channels to determine how administrators are notified (e.g., email, Slack).
  6. Toggle the Active switch to enable or disable the alert.
  7. Click Save.

Managing alerts

  • Edit an alert to change its categories, threshold, channels, or active state.
  • Test an alert to send a test notification through its configured channels and verify delivery.
  • Delete an alert when it is no longer needed.

The alerts table shows each alert's name, monitored categories, severity threshold, notification channels, status, last triggered time, and total trigger count.

Tip: Start with a CRITICAL threshold to catch the most urgent events, then add WARNING-level alerts as you refine your monitoring posture.
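
Before widening a threshold, you can replay a JSON export from the Event Viewer against a proposed rule to see how many notifications it would have produced and why a given event did not match. This is an added example, not the platform's own code: it applies the matching logic described above (active switch, monitored categories, severity at or above the threshold), and the rule layout and the export field names (timestamp, category, severity) are assumptions.

```python
import json
from collections import Counter

# Severity order from the Severity Levels table, lowest to highest.
RANK = {name: i for i, name in enumerate(["INFO", "WARNING", "ERROR", "CRITICAL"])}


def explain(rule, event):
    """Say whether an event triggers a rule, or which condition stopped it."""
    if not rule["active"]:
        return "rule is not active"
    if event.get("category") not in rule["categories"]:
        return "category not monitored"
    # Unknown or missing severities rank below every threshold.
    if RANK.get(event.get("severity"), -1) < RANK[rule["threshold"]]:
        return "severity below threshold"
    return "match"


def replay(rule, events):
    """Count the notifications a rule would have produced, per calendar day."""
    per_day = Counter()
    for event in events:
        if explain(rule, event) == "match":
            per_day[event["timestamp"][:10]] += 1
    return dict(per_day)


# Constructed sample standing in for a JSON export (assumed field names).
SAMPLE_EXPORT = json.loads("""[
  {"timestamp": "2026-01-05T08:14:02Z", "category": "AUTH", "severity": "WARNING"},
  {"timestamp": "2026-01-05T08:14:09Z", "category": "AUTH", "severity": "WARNING"},
  {"timestamp": "2026-01-05T09:30:00Z", "category": "PERMISSION", "severity": "CRITICAL"},
  {"timestamp": "2026-01-06T11:02:45Z", "category": "AUTH", "severity": "CRITICAL"},
  {"timestamp": "2026-01-06T12:00:00Z", "category": "FILE_OPS", "severity": "ERROR"},
  {"timestamp": "2026-01-06T13:10:00Z", "category": "AUTH", "severity": "INFO"}
]""")

# Hypothetical rules: the same categories at two different thresholds.
STRICT = {"categories": {"AUTH", "PERMISSION"}, "threshold": "CRITICAL", "active": True}
BROAD = {"categories": {"AUTH", "PERMISSION"}, "threshold": "WARNING", "active": True}

if __name__ == "__main__":
    for name, rule in (("CRITICAL", STRICT), ("WARNING", BROAD)):
        print(name, replay(rule, SAMPLE_EXPORT))
```

Comparing the per-day counts at each threshold shows how much extra notification volume a WARNING-level alert adds before you enable it.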

Event Categories

Audit events are classified into the following categories:

| Category | What it captures |
| --- | --- |
| AUTH | Sign-in, sign-out, and authentication failures. |
| USER_MGMT | User creation, role changes, activations, deactivations. |
| TENANT_MGMT | Tenant configuration and settings changes. |
| SUBSCRIPTION | Subscription and seat assignment changes. |
| PERMISSION | Role and user permission overrides created, updated, or deleted. |
| DATA_ACCESS | Read access to sensitive data. |
| DATA_MODIFY | Create, update, or delete operations on data. |
| INFRASTRUCTURE | Stack provisioning, updates, and failures. |
| SECURITY | Security-related events such as suspicious access patterns. |
| COMPLIANCE | Compliance report generation and related actions. |
| API_ACCESS | API key usage and external API calls. |
| FILE_OPS | File uploads, downloads, sharing, and deletions. |
| AI_USAGE | AI model invocations and token consumption. |
| SYSTEM | Internal system events and background task results. |

Severity Levels

| Level | Meaning |
| --- | --- |
| INFO | Normal operations — routine actions recorded for traceability. |
| WARNING | Unusual but non-critical — worth reviewing but not urgent. |
| ERROR | Failed operations — something did not complete as expected. |
| CRITICAL | Security or integrity risk — requires immediate attention. |

Security Considerations

  • Retention: Audit events follow tenant-level retention policies. Events beyond the retention period may be archived or deleted automatically.
  • Immutability: Audit events are write-once. They cannot be edited or deleted through the API — only archived after the retention period.
  • Compliance tags: Events automatically carry compliance tags (e.g., SOX, GDPR) based on their category and the data they touch. These tags drive compliance report filtering.
  • Export controls: Exported audit data may contain personal information (IP addresses, email addresses). Handle exports according to your data protection policies.
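
One way to act on the export-controls point when a JSON export is headed for long-term storage is to replace personal data with keyed pseudonyms first, so archived events can still be correlated by user or source address. This is an added example, not part of the platform: the field names ip_address and user_email are assumptions about the export, and the sample events and key are constructed.

```python
import hashlib
import hmac
import json

# Assumed names of the export keys that hold personal data; adjust them to
# the keys present in your own export.
PII_FIELDS = ("ip_address", "user_email")


def pseudonym(key, field, value):
    """Keyed, deterministic token for one value.

    The same input always yields the same token, so events remain
    correlatable. A plain hash would not be enough: the IPv4 space is small
    enough to enumerate, so the secret key is what prevents reversal.
    """
    msg = "{}:{}".format(field, value.strip().lower()).encode()
    return "pseud-" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def scrub(node, key):
    """Return a copy of the export with PII fields tokenized at any depth,
    including inside each event's nested metadata block."""
    if isinstance(node, dict):
        return {
            k: pseudonym(key, k, str(v)) if k in PII_FIELDS and v else scrub(v, key)
            for k, v in node.items()
        }
    if isinstance(node, list):
        return [scrub(item, key) for item in node]
    return node


# Constructed sample events and key. A real key belongs in a secrets manager,
# stored separately from the archive it protects.
SAMPLE_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_EVENTS = [
    {"event_id": "evt-0001", "category": "AUTH", "severity": "WARNING",
     "ip_address": "203.0.113.7", "user_email": "alice@example.com",
     "metadata": {"user_email": "Alice@Example.com"}},
    {"event_id": "evt-0002", "category": "FILE_OPS", "severity": "INFO",
     "ip_address": "203.0.113.7", "user_email": "bob@example.com",
     "metadata": {}},
]

if __name__ == "__main__":
    print(json.dumps(scrub(SAMPLE_EVENTS, SAMPLE_KEY), indent=2))
```

Free-text fields such as the event description are not scanned, so review them separately if they can carry personal data.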

Best Practices

  • Check the Dashboard tab at the start of each admin session to spot anomalies.
  • Create alerts for CRITICAL events in the AUTH and PERMISSION categories so you are immediately aware of unauthorized access attempts or privilege changes.
  • Generate compliance reports on a regular schedule — quarterly for SOX, monthly or as needed for GDPR and others — rather than only when an audit is imminent.
  • Use the Event Viewer export feature to archive audit data in your organization's long-term storage if you need records beyond the platform's retention period.
  • Review the Most Active Operations list periodically. A sudden spike in a particular operation type can signal automation errors or misuse.

Troubleshooting

Dashboard shows zero events

Verify that the selected time range contains activity. If your tenant was recently created, there may be very few events. Also confirm your subscription includes the Audit Access feature.

Compliance report stuck in "Generating" state

Reports are generated asynchronously. Wait a few minutes and refresh the page. If the status persists beyond several minutes, the background task may have encountered an error — check the report's error message or contact support.

Alert not triggering

Verify the alert is set to Active. Check that the event categories and severity threshold match the events you expect to trigger it. Use the Test button to confirm notification delivery is working.

Export produces an empty file

Your current filters may be too restrictive. Clear filters and try again to verify events exist, then re-apply filters incrementally.

Next Steps

To configure the permissions that audit events track, see Permissions Management. For managing the user accounts whose actions appear in the audit log, see User Management.


⏱️ Read time: 12 minutes | 📊 Difficulty: intermediate