Audit Events
Audit Events is the admin screen for platform audit history.
Only admins can view audit events. Audit retention and PII controls are managed in Settings.
Audit event entries include:
- Created time
- Event type
- Event ID
- Action
- Actor type and actor ID
- Resource type and resource ID
- Owner type and owner ID
Open an event to inspect app version, actor details, retained request IP/user agent, and event metadata.
Filters
Section titled “Filters”The screen supports:
- Search across event ID, type, action, actors, owners, credentials, resources, IP address, user agent, app version, and metadata
- Created date range
- Event type
- Action
- Actor type: API key, service account, system, or user
- Resource type
Event type, action, and resource type filters show values that exist in the deployment’s audit history.
Event Families
Section titled “Event Families”Common event types include:
| Event type | Examples |
|---|---|
auth.session | Login, logout, blocked login, failed login. |
auth.password | Password change. |
auth_identity_provider | Identity provider create, update, delete. |
platform_user | Team member create, update, disable, enable, delete. |
managed_identity | AI agent or service account create, update, disable, enable, delete. |
api_key | API key create and revoke. |
project | Project create, update, delete. |
participant | Participant create, update, delete. |
participant_directory | Participant directory association add or remove. |
label | Label create, update, delete. |
delegation | Delegation create, update, revoke. |
provider_connector | Connector create, update, delete. |
platform_settings | Settings update. |
worker | Worker job scheduled, skipped, completed, or failed. |
Actions are stored as event-specific strings. Examples include create,
update, delete, disable, enable, revoke, add, remove, login,
logout, login_failed, login_blocked, change, scheduled, skipped,
completed, and failed.
Principals and Credentials
Section titled “Principals and Credentials”Audit events can include:
- Actor: who or what initiated the action
- Owner: owning user, project, organization, or service account
- Effective principal: identity whose authority was applied
- Credential: API key, OAuth token, or session
- Resource: entity acted on
Metadata is sanitized before storage. Secret-looking fields are redacted, and personal-looking metadata fields can be redacted by disabling audit metadata PII retention.