The Audit Log is a comprehensive, immutable record of all autonomous agent actions, network requests, and credential usage across your workspace. Audit events are append-only and hash-chained per organization, so any tampering breaks the chain and is detectable.
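The tamper-evidence property described above, as an added example that is not the product's own code. The record layout, field names, all-zero genesis value, and SHA-256 over canonical JSON are assumptions made for illustration; this page does not document the actual chain format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for each organization's chain
FIELDS = ("org", "ts", "principal", "action", "target", "result")  # assumed schema

def event_hash(prev_hash, event):
    """SHA-256 over the previous hash plus a canonical encoding of the event."""
    body = json.dumps({k: event[k] for k in FIELDS}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, event):
    """Append an event, linking it to the last record of the same organization."""
    prev = next((r["hash"] for r in reversed(log) if r["org"] == event["org"]), GENESIS)
    record = dict(event, prev_hash=prev)
    record["hash"] = event_hash(prev, event)
    log.append(record)
    return record

def first_break(log):
    """Return {org: index of the first record failing verification}; empty if intact."""
    last, broken = {}, {}
    for i, rec in enumerate(log):
        org = rec["org"]
        if org in broken:
            continue  # everything after the first break in a chain is untrusted
        expected_prev = last.get(org, GENESIS)
        if rec["prev_hash"] != expected_prev or rec["hash"] != event_hash(expected_prev, rec):
            broken[org] = i
        last[org] = rec["hash"]
    return broken

def sample_log():
    """Constructed sample events for two organizations (not real product data)."""
    rows = [
        ("org-a", "2024-01-01T00:00:00Z", "agent-1", "db.query", "orders", "allowed"),
        ("org-b", "2024-01-01T00:00:05Z", "agent-9", "net.request", "203.0.113.7", "blocked"),
        ("org-a", "2024-01-01T00:00:09Z", "agent-1", "net.request", "198.51.100.2", "allowed"),
        ("org-a", "2024-01-01T00:00:12Z", "agent-2", "db.query", "users", "allowed"),
    ]
    log = []
    for row in rows:
        append(log, dict(zip(FIELDS, row)))
    return log
```

Editing a field, deleting a record, or rewriting one record together with its own hash each surface as a break at a specific index in that organization's chain, while other organizations' chains still verify.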

Browsing events

Each event in the log shows:
  • Timestamp in UTC.
  • Agent or principal that took the action, with its identifier.
  • Action type, such as a database query or an outbound network request.
  • Target or resource the action was performed against.
  • Result, marked as allowed, blocked, or neutral.

Filtering

Narrow the log with a free-text query across statements, IPs, and error codes, and with filters for timeframe, identity, event type, and status. The active filters are shown above the table so you always know what you are looking at.

Event detail and credential lifecycle

Expand any event to replay the lifecycle of the ephemeral credential kit behind it: the kit being issued and scoped with a requested TTL, the action being performed and its result, and the kit being revoked a measured time after issuance so its credentials can no longer authenticate. The detail panel also surfaces the event ID, the kit ID, the requested TTL, and the kit’s total lifetime.

Exporting evidence

Select Export CSV to download the events for the selected timeframe as a compliance evidence file. The export respects your current timeframe selection.
Audit history retention depends on your plan. The Starter plan covers a recent window of events. Upgrade to query a longer history and export the full record. See Plans and billing.

Identity tokens (KITs)

Understand the credential lifecycle shown in each event.

Integrations

Route audit events to the tools your team uses.