Audit & Evidence
The Audit & Evidence panel displays the immutable audit trail for all platform actions. This is your compliance evidence trail.
What Gets Logged
- Every shield block and review
- Block mode changes
- Break-glass activations and deactivations
- Whitelist changes
- Retention setting changes
- Configuration changes
- Operator management actions (when RBAC is enabled)
Features
- Time range — respects the global context bar (1h/6h/24h/7d/30d); widen to see older entries
- Search and filter — filter by action type, actor, resource, or free-text search
- Export — export audit data for external compliance tools
The audit log is append-only. Entries cannot be modified or deleted through the application. This is by design for compliance evidence integrity.
Retention
Audit trail retention defaults to 365 days. For SOC 2 or similar frameworks, consider setting it to 365 days or Unlimited in Configuration > Data Retention.