Audit Logs
Track all activity in your BlockSecOps organization.
Overview
Audit logs record:
- Who did what
- When it happened
- What changed
Use for:
- Security monitoring
- Compliance requirements
- Troubleshooting
- Accountability
Availability
| Plan | Audit Logs |
|---|---|
| Free | Not available |
| Developer | Not available |
| Startup | Not available |
| Professional | ✓ 90 days |
| Enterprise | ✓ 2 years |
Accessing Audit Logs
Location
- Go to Organization → Audit Logs
- View activity log
Permissions
Who can view:
- Organization Owners
- Organization Admins
- Custom roles with audit permission
What's Logged
Authentication
| Event | Description |
|---|---|
| `auth.login` | User logged in |
| `auth.logout` | User logged out |
| `auth.failed` | Failed login attempt |
| `auth.mfa_enabled` | 2FA enabled |
| `auth.password_changed` | Password changed |
Members
| Event | Description |
|---|---|
| `member.invited` | Invitation sent |
| `member.joined` | Accepted invitation |
| `member.removed` | Member removed |
| `member.role_changed` | Role updated |
Teams
| Event | Description |
|---|---|
| `team.created` | Team created |
| `team.deleted` | Team deleted |
| `team.member_added` | Member added to team |
| `team.member_removed` | Member removed from team |
Projects
| Event | Description |
|---|---|
| `project.created` | Project created |
| `project.deleted` | Project deleted |
| `project.access_granted` | Access given |
| `project.access_revoked` | Access removed |
Contracts
| Event | Description |
|---|---|
| `contract.uploaded` | Contract added |
| `contract.deleted` | Contract removed |
| `contract.scanned` | Scan initiated |
Findings
| Event | Description |
|---|---|
| `finding.status_changed` | Status updated |
| `finding.assigned` | Finding assigned |
| `finding.commented` | Comment added |
Settings
| Event | Description |
|---|---|
| `org.settings_changed` | Settings updated |
| `org.billing_updated` | Billing changed |
| `api_key.created` | API key generated |
| `api_key.revoked` | API key revoked |
Log Entry Details
Each entry contains:
| Field | Description |
|---|---|
| Timestamp | When it happened (UTC) |
| Actor | Who performed the action |
| Event | What happened |
| Target | What was affected |
| Details | Additional context |
| IP Address | Source IP |
| User Agent | Browser/client info |
Example Entry
```json
{
  "timestamp": "2026-01-03T14:30:00Z",
  "actor": "[email protected]",
  "event": "finding.status_changed",
  "target": "finding-abc123",
  "details": {
    "old_status": "open",
    "new_status": "fixed"
  },
  "ip_address": "192.168.1.1",
  "user_agent": "Mozilla/5.0..."
}
```
Filtering Logs
By Date
Select date range:
- Last 24 hours
- Last 7 days
- Last 30 days
- Custom range
By Event Type
Filter by category:
- Authentication
- Members
- Teams
- Projects
- Findings
By Actor
Filter by who performed actions:
- Specific user
- Any user
- System (automated)
By Target
Filter by what was affected:
- Specific project
- Specific finding
- Any target
Searching Logs
Search Syntax
```
actor:[email protected] event:finding.assigned
```
Common Searches
| Search | Purpose |
|---|---|
| `event:auth.failed` | Failed logins |
| `actor:[email protected]` | Bob's activity |
| `target:project-123` | Project activity |
| `event:*.deleted` | All deletions |
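For reviewing an exported log offline, the same `field:pattern` searches can be reproduced over the exported entries. This is an added example, not BlockSecOps code: it assumes the export is a list of objects shaped like the Example Entry, that multiple terms are combined with AND, and that `*` matches any run of characters; the sample entries are constructed.

```python
import re

SEARCH_FIELDS = ("actor", "event", "target")  # fields used in the searches above

def parse_query(query):
    """Split 'field:pattern' terms; '*' in a pattern matches any run of characters."""
    terms = []
    for token in query.split():
        field, sep, pattern = token.partition(":")
        if not sep or not pattern or field not in SEARCH_FIELDS:
            raise ValueError(f"unsupported search term: {token!r}")
        # Escape everything except '*' so the dots in event names stay literal.
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        terms.append((field, re.compile(regex)))
    return terms

def search(entries, query):
    """Return the entries that match every term (AND semantics are an assumption)."""
    terms = parse_query(query)
    return [e for e in entries
            if all(rx.fullmatch(str(e.get(field, ""))) for field, rx in terms)]

# Constructed sample entries, reduced to the fields the search uses.
SAMPLE_ENTRIES = [
    {"actor": "bob@example.test", "event": "finding.assigned", "target": "finding-abc123"},
    {"actor": "bob@example.test", "event": "project.deleted", "target": "project-123"},
    {"actor": "alice@example.test", "event": "contract.deleted", "target": "contract-9"},
    {"actor": "alice@example.test", "event": "auth.failed", "target": "alice@example.test"},
    {"actor": "alice@example.test", "event": "project.created", "target": "project-123"},
]

if __name__ == "__main__":
    for hit in search(SAMPLE_ENTRIES, "event:*.deleted"):
        print(hit["actor"], hit["event"], hit["target"])
```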
Exporting Logs
Export Options
- Click Export
- Select format:
  - CSV
  - JSON
- Choose date range
- Download
For Compliance
Export includes:
- All fields
- Digital signature (Enterprise)
- Tamper-evident hash
Alerts
Real-Time Alerts
Set up alerts for specific events:
- Go to Audit Logs → Alerts
- Click Create Alert
- Configure:
  - Event type
  - Conditions
  - Notification method
- Save
Example Alerts
| Alert | Condition |
|---|---|
| Failed logins | 5+ in 10 minutes |
| After-hours access | Login outside 9-5 |
| Admin action | Any role change |
| Sensitive delete | Project deleted |
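The four conditions in the table above, evaluated offline over exported entries, as an added example (not BlockSecOps code). It assumes the export is a list of objects shaped like the Example Entry, counts failed logins per `ip_address`, and treats 9-5 as 09:00-17:00 UTC; the sample entries are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_ts(value):
    # Entry timestamps are UTC in the form 2026-01-03T14:30:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def evaluate(entries, threshold=5, window=timedelta(minutes=10), workday=(9, 17)):
    """Return (alert, subject, timestamp) tuples in chronological order."""
    alerts = []
    failures = defaultdict(deque)  # ip_address -> recent auth.failed times (assumed key)
    for e in sorted(entries, key=lambda e: parse_ts(e["timestamp"])):
        ts, event = parse_ts(e["timestamp"]), e["event"]
        if event == "auth.failed":
            q = failures[e["ip_address"]]
            q.append(ts)
            while ts - q[0] > window:   # drop attempts older than the window
                q.popleft()
            if len(q) >= threshold:     # 5+ in 10 minutes
                alerts.append(("failed_logins", e["ip_address"], e["timestamp"]))
                q.clear()               # one alert per burst, then count again
        elif event == "auth.login" and not workday[0] <= ts.hour < workday[1]:
            alerts.append(("after_hours_access", e["actor"], e["timestamp"]))
        elif event == "member.role_changed":
            alerts.append(("admin_action", e["actor"], e["timestamp"]))
        elif event == "project.deleted":
            alerts.append(("sensitive_delete", e["actor"], e["timestamp"]))
    return alerts

def sample_entry(ts, actor, event, target, ip):
    # Constructed entry carrying the fields listed under Log Entry Details.
    return {"timestamp": ts, "actor": actor, "event": event, "target": target,
            "details": {}, "ip_address": ip, "user_agent": "constructed"}

SAMPLE_LOG = [
    sample_entry(f"2026-01-03T14:0{m}:00Z", "carol@example.test", "auth.failed",
                 "carol@example.test", "203.0.113.7") for m in range(5)
] + [
    sample_entry("2026-01-03T02:15:00Z", "alice@example.test", "auth.login", "alice@example.test", "198.51.100.4"),
    sample_entry("2026-01-03T09:30:00Z", "bob@example.test", "auth.login", "bob@example.test", "198.51.100.9"),
    sample_entry("2026-01-03T10:00:00Z", "bob@example.test", "member.role_changed", "carol@example.test", "198.51.100.9"),
    sample_entry("2026-01-03T11:00:00Z", "bob@example.test", "project.deleted", "project-123", "198.51.100.9"),
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(alert)
```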
Retention
Standard Retention
| Plan | Retention Period |
|---|---|
| Professional | 90 days |
| Enterprise | 2 years |
Extended Retention
Enterprise can configure:
- Up to 7 years
- Compliance with regulations
- Custom retention policies
Compliance Use Cases
SOC 2
Audit logs support:
- Access tracking
- Change management
- Security monitoring
GDPR
Audit logs help with:
- Data access records
- Change tracking
- Accountability
Internal Audit
Use for:
- Periodic access reviews
- Security audits
- Incident investigation
Best Practices
Regular Review
- Weekly: Check failed logins
- Monthly: Review access changes
- Quarterly: Full audit report
Set Up Alerts
Critical alerts:
- Multiple failed logins
- Admin role changes
- After-hours access
- Mass deletions
Preserve Evidence
For incidents:
- Export relevant logs immediately
- Include in incident reports
- Store securely
FAQ
Q: Can logs be modified?
A: No. Logs are immutable and tamper-evident.
Q: Are API calls logged?
A: Yes. API actions are logged like UI actions.
Q: What about GDPR data deletion?
A: User PII can be anonymized while preserving the audit trail.
Q: Can I integrate with SIEM?
A: Yes, Enterprise plans can export to Splunk, Datadog, etc.
Next Steps
- Roles & Permissions - Access control
- Security Settings - Enterprise security
- Contact Support - Get help