API Feature
Compliance

Audit Logging

Track all user actions, data access, and configuration changes for security auditing and compliance requirements.

Audit Logging System

Audit event flow from action to storage and analysis

Event Categories

Authentication

  • • Login success/failure
  • • Logout events
  • • MFA enrollment/verification
  • • Password changes
  • • Session management

Data Operations

  • • Vector add/update/delete
  • • Bulk import/export
  • • Search queries (optional)
  • • Index creation/deletion
  • • Training operations

Administration

  • • Permission changes
  • • Role assignments
  • • API key creation/revocation
  • • Configuration changes
  • • Member invitations

System Events

  • • Cluster state changes
  • • Node failures/recovery
  • • Backup completion
  • • Maintenance windows
  • • Rate limit triggers

Audit Log Format

{
  "id": "audit-550e8400-e29b-41d4-a716-446655440000",
  "timestamp": "2024-12-22T10:30:00.123Z",
  "eventType": "auth.login.success",
  "category": "authentication",
  "severity": "info",

  "actor": {
    "type": "user",
    "id": "user-123",
    "email": "user@example.com",
    "ipAddress": "192.168.1.100",
    "userAgent": "Mozilla/5.0..."
  },

  "target": {
    "type": "organization",
    "id": "org-456",
    "name": "Acme Corp"
  },

  "context": {
    "sessionId": "sess-789",
    "requestId": "req-abc",
    "organizationId": "org-456"
  },

  "details": {
    "authMethod": "password+mfa",
    "mfaType": "totp",
    "location": {
      "city": "San Francisco",
      "country": "US"
    }
  },

  "result": "success"
}

Query API

// Query audit logs
GET /api/audit/logs?
  startTime=2024-12-01T00:00:00Z&
  endTime=2024-12-22T23:59:59Z&
  eventType=auth.*&
  actorId=user-123&
  result=failure&
  limit=100

// Response
{
  "logs": [...],
  "pagination": {
    "nextCursor": "cursor-xyz",
    "hasMore": true
  },
  "summary": {
    "totalEvents": 1234,
    "byCategory": {
      "authentication": 450,
      "data": 600,
      "admin": 184
    }
  }
}

// Export logs
POST /api/audit/export
{
  "format": "csv",
  "filters": {...},
  "destination": "s3://bucket/audit-logs/"
}

Retention & Compliance

Retention Policies

PlanRetentionExport
Free7 daysCSV
Pro90 daysCSV, JSON
EnterpriseUnlimitedCSV, JSON, SIEM

SIEM Integration

Export audit logs to your SIEM platform in real-time:

  • • Splunk (HEC endpoint)
  • • Elasticsearch (direct ingest)
  • • Datadog (logs API)
  • • AWS CloudWatch Logs
  • • Custom webhook (JSON)
Next: Role-Based Access ControlBack to MLGraph Docs