Log Sources & Best Practices

Understanding log sources and audit review best practices.

Log Sources

Audit log entries are generated by multiple platform components:

Source	Events
Backend API	Resource CRUD operations, auth events, policy changes
Proxy Server	Request interception, enforcement decisions, forwarding events
Intent Assurance Plan (IAP) Engine	Intent plan processing, step verification, trust chain updates
CSRG	Cryptographic operations, token signing, Merkle proof verification
Scanner	Vulnerability scan initiation, results, severity assessments

Audit logs are organization-scoped - you only see events relevant to your active organization. Switch organizations to view a different organization's logs.

Best Practices

Monitor Critical logs daily - These indicate security incidents requiring immediate attention
Set up regular review cadences - Weekly review of Warning-level logs helps catch emerging patterns
Cross-reference with Intent Plans - Combine audit logs with Intent Assurance Plan (IAP) details for a complete execution trace
Export for compliance - Use audit logs to satisfy compliance reporting requirements

Filtering & Search

Filter audit logs by group, date range, and severity.

Settings

Manage your team - user management, invitations, join requests, roles, and permissions.

On this page

Log Sources Best Practices