Audit Logs
Veriproof records every significant administrative and data-access event in an immutable audit log. The log is available to CustomerAdmin and CustomerComplianceOfficer roles (and CustomerAuditor during active audit engagements).
Audit log entries are retained for 90 days for customer-visible records. Staff-side audit logs (platform operator actions on your tenant) are retained for 7 years to meet compliance requirements and are available upon request.
What Is Logged
Authentication & Identity Events
| Event | Description |
|---|---|
| user.login | Successful portal sign-in |
| user.login_failed | Failed sign-in attempt (wrong credentials / locked) |
| user.logout | Explicit sign-out |
| user.session_expired | Session invalidated due to timeout |
| user.sso_login | Successful SSO authentication |
| user.invited | New user invitation sent |
| user.deactivated | User account deactivated |
Configuration Changes
| Event | Description |
|---|---|
| sso.configuration_created | New SSO provider configuration saved |
| sso.configuration_updated | SSO configuration modified |
| sso.configuration_deleted | SSO configuration deleted |
| sso.configuration_disabled | SSO configuration temporarily disabled |
| webhook.created | Webhook endpoint registered |
| webhook.updated | Webhook endpoint updated |
| webhook.deleted | Webhook endpoint removed |
| api_key.issued | New API key issued |
| api_key.revoked | API key revoked |
| rbac.role_granted | Role assigned to a user |
| rbac.role_revoked | Role removed from a user |
| notification_channel.created | Slack/Teams channel linked |
| notification_channel.deleted | Notification channel removed |
Data Access & Lifecycle Events
| Event | Description |
|---|---|
| evidence_package.generated | Evidence package exported |
| session_review.approved | Session review decision: approved |
| session_review.rejected | Session review decision: rejected |
| gdpr.erasure_requested | Data subject erasure request submitted |
| gdpr.erasure_completed | Erasure cryptographically completed |
| gdpr.legal_hold_placed | Legal hold applied to a data subject |
| gdpr.legal_hold_released | Legal hold released |
| application.purge_initiated | Application deletion and purge queued |
| application.purge_completed | Application purge finished |
| application.created | New application registered |
| application.deleted | Application soft-deleted (purge pending) |
Viewing the Audit Log
Navigate to Settings → Audit Logs in the Customer Portal.
Filtering
The audit log viewer supports filtering by:
- Date range — select start and end timestamps (UTC)
- Event type — filter to a category (Authentication, Configuration, Data Access)
- User — show only events performed by a specific user
- Application — show only events for a specific application
Searching
Use the search box to find events by event type string, user email, or application name. Search is case-insensitive and substring-matched.
Log Entry Structure
Each log entry contains:
| Field | Description |
|---|---|
| timestamp | UTC ISO 8601 timestamp of the event |
| eventType | Machine-readable event identifier (e.g. rbac.role_granted) |
| userId | Portal user who performed the action |
| userEmail | Email of the actor |
| ipAddress | Source IP address |
| targetId | ID of the affected resource (user ID, application ID, etc.) |
| targetType | Type of the affected resource |
| details | Free-text description of the change |
| outcome | success or failure |
Immutability
Audit log entries cannot be modified or deleted by tenant users. They are written to append-only storage and are included in the platform’s tamper-evident integrity chain. Attempting to delete audit log records via the API returns 403 Forbidden.
Exporting Audit Logs
To export the full log or a filtered subset:
- Apply any filters you need (date range, event type, user).
- Click Export as CSV or Export as JSON.
- The export runs asynchronously; a download link appears when the file is ready (typically within a few seconds for < 30-day ranges).
Exports are suitable for importing into SIEM tools, compliance file archives, or audit evidence packages.
For fully automated export pipelines, consider configuring an OTel export to stream events to your observability stack in real time.
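As an added example (not Veriproof code), the following shows the kind of triage a JSON export supports before it reaches a SIEM: it flags a sign-in that follows a burst of user.login_failed events and then any sensitive configuration change made by the same account soon after. It assumes the export is a JSON array of entries using the field names from Log Entry Structure and that failed sign-ins carry userEmail; the thresholds and the sample data are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Event types (or prefixes) from this page that change who or what can reach tenant data.
SENSITIVE = ("api_key.issued", "rbac.role_granted", "webhook.created", "sso.configuration_")

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_suspicious(export_json, threshold=3, window=timedelta(minutes=10),
                    follow=timedelta(hours=1)):
    """Flag sign-ins after a failure burst, then sensitive changes by that account."""
    entries = sorted(json.loads(export_json), key=lambda e: _ts(e["timestamp"]))
    # failures: userEmail -> failed sign-in times; flagged: userEmail -> suspicious sign-in time
    failures, flagged, findings = defaultdict(list), {}, []
    for e in entries:
        ts, user, event = _ts(e["timestamp"]), e["userEmail"], e["eventType"]
        if event == "user.login_failed":
            failures[user].append(ts)
        elif event in ("user.login", "user.sso_login"):
            recent = [t for t in failures[user] if ts - t <= window]
            if len(recent) >= threshold:
                flagged[user] = ts
                findings.append(("login_after_failures", user, e["ipAddress"]))
            failures[user].clear()
        elif event.startswith(SENSITIVE) and user in flagged and ts - flagged[user] <= follow:
            findings.append(("sensitive_change", user, event))
    return findings

def _row(time, event, email, ip, outcome="success"):
    return {"timestamp": f"2024-05-01T{time}Z", "eventType": event,
            "userEmail": email, "ipAddress": ip, "outcome": outcome}

# Constructed sample export (assumed shape: JSON array of log entries).
SAMPLE_EXPORT = json.dumps([
    _row("10:00:00", "user.login_failed", "alice@example.com", "203.0.113.7", "failure"),
    _row("10:01:00", "user.login_failed", "alice@example.com", "203.0.113.7", "failure"),
    _row("10:02:00", "user.login_failed", "alice@example.com", "203.0.113.7", "failure"),
    _row("10:03:00", "user.login", "alice@example.com", "203.0.113.7"),
    _row("10:05:00", "api_key.issued", "alice@example.com", "203.0.113.7"),
    _row("10:06:00", "rbac.role_granted", "alice@example.com", "203.0.113.7"),
    _row("11:00:00", "user.login", "bob@example.com", "198.51.100.4"),
    _row("11:05:00", "api_key.issued", "bob@example.com", "198.51.100.4"),
])

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_EXPORT))
```

The second account in the sample signs in cleanly and issues an API key without being flagged, which shows the rule keys on the failure burst rather than on the sensitive event alone.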
Including Audit Logs in Evidence Packages
When generating an evidence package, you can include a filtered audit log excerpt. Check the Include audit trail option in the evidence package generator to append the log as a signed attachment.
Retention
Customer audit logs are retained for 90 days from the event timestamp, after which they are automatically deleted by the platform’s retention enforcement worker. If you require longer retention, export logs regularly to your own storage.
Staff audit logs (actions taken by Veriproof platform operators on your tenant, such as impersonation or key rotation) are retained for 7 years and can be produced on request as part of a compliance audit or incident investigation.