Skip to main content

The audit and governance log

The audit log is ThreatLens's system of record — an immutable, append-only history of every governance decision and every administrative change. It's your evidence for auditors, your answer for the board, and your early warning for risky behavior.

What's recorded

  • Governance decisions — for each request: the user, the data class, the action taken (allow / redact / route / block), the destination, and the trust tier.
  • Control-plane changes — every administrative action: policy-matrix edits (with old and new values), destination and connector changes, secret operations, SSO and role changes, and enforcement-mode switches.
Immutable by design

Entries are append-only — they can't be edited or deleted. That's what makes the log defensible as compliance evidence.

Read and filter

  1. Go to Governance → Audit log.
  2. Filter by user, data class, action, destination, or time range.
  3. Click any entry to expand its full detail — including why a decision was made.

The activity log — every governed request with its classification, action, and destination.

Export evidence

Export a filtered view to hand to an auditor or feed into your reporting:

  1. Apply the filters you need.
  2. Click Export.
  3. Save or forward the exported records.

Event export — forward governance events to your SIEM or download them.

Send it to your SIEM

Governance and audit events can be exported to your security information and event management (SIEM) system, so AI activity sits alongside the rest of your security telemetry. See Reference → Integrations.

Use it to tune policy

Before switching from monitor to enforce, read the log to see what would be blocked or redacted — then adjust the policy matrix so enforcement matches your intent.