Audit Log Architecture
The audit system captures events at two primary levels: Administrative/Management Actions and API Access.
1. Platform Audit Logs
Platform audit logs capture “who did what and when” regarding the management of resources. These logs are generated whenever a user or API key performs an action that modifies the state of the platform.
What is Logged?
Each audit log entry contains a high-fidelity record of the event:

| Field | Description |
|---|---|
| Timestamp | The exact UTC time the action occurred. |
| Identity | The User ID, Email, and/or API Key ID responsible for the action. |
| Action | The specific operation performed (e.g., create, update, delete, execute, login). |
| Resource | The type and unique ID of the resource (e.g., workflow, agent, knowledge_base, user_group). |
| Context | The Tenant and Workspace identifiers where the action took place. |
| Payload | A JSON representation of the request body and metadata associated with the change. |
| Route & Method | The specific API route and HTTP method used. |
Who is Logged?
- Platform Users: Actions performed via the web interface.
- Service Accounts: Actions performed by automated systems using API keys.
- System Administrators: Global configuration changes and tenant-level management.
2. API Call Logs
In addition to state-changing actions, Noxus maintains detailed logs of every incoming API request to ensure complete visibility into platform usage.
Captured Data Points
- Performance: Exact duration of the request in milliseconds and the resulting HTTP response code.
- Attribution: Mapping of the call to a specific `tenant_id`, `user_id`, and `api_key_id`.
- Routing: The specific resource endpoint accessed.
- Timing: Precise start and end times for every call.
Accountability & Traceability
Noxus uses Correlation IDs to link related events across different services. This allows security teams to trace a single user action from the initial frontend request through the backend orchestration and down to the specific worker pool execution.
Log Integrity
- Persistence: Audit logs are stored in a dedicated, indexed database layer (`audit_logs` and `api_call_logs`) separate from transient application state.
- Redaction: Sensitive information such as passwords or raw secret values is automatically redacted before being committed to the logs.
- Retention: Organizations can define custom retention policies to meet legal and compliance obligations.
SIEM & External Integration
For centralized security monitoring, Noxus supports exporting audit and access logs to external SIEM (Security Information and Event Management) platforms.
- Supported Backends: Elasticsearch, OpenSearch, Splunk, Datadog, and AWS CloudWatch.
- Format: Logs are emitted in structured JSON format, making them ready for immediate ingestion and dashboarding.
- Alerting: External systems can be configured to trigger alerts based on specific audit patterns, such as multiple failed login attempts or unauthorized resource access.
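The following is an added example, not Noxus code or part of the original documentation: a sliding-window check for the "multiple failed login attempts" pattern, run over exported JSON lines and returning the correlation IDs an analyst would pivot on. The JSON key names (other than `tenant_id` and `user_id`), the `status` field, and the use of HTTP 401 for a failed login are assumptions; the sample records are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample export, one JSON object per line. The key names
# (timestamp, tenant_id, user_id, action, status, correlation_id) and the use
# of HTTP 401 for a failed login are assumptions, not the documented schema.
SAMPLE = """\
{"timestamp":"2024-05-01T10:00:00Z","tenant_id":"t1","user_id":"u1","action":"login","status":401,"correlation_id":"c1"}
{"timestamp":"2024-05-01T10:01:10Z","tenant_id":"t1","user_id":"u2","action":"login","status":401,"correlation_id":"c2"}
{"timestamp":"2024-05-01T10:00:40Z","tenant_id":"t1","user_id":"u1","action":"login","status":401,"correlation_id":"c3"}
{"timestamp":"2024-05-01T10:02:05Z","tenant_id":"t1","user_id":"u1","action":"login","status":401,"correlation_id":"c4"}
{"timestamp":"2024-05-01T10:02:30Z","tenant_id":"t1","user_id":"u1","action":"login","status":200,"correlation_id":"c5"}
{"timestamp":"2024-05-01T10:11:00Z","tenant_id":"t1","user_id":"u2","action":"login","status":401,"correlation_id":"c6"}
{"timestamp":"2024-05-01T10:21:00Z","tenant_id":"t1","user_id":"u2","action":"login","status":401,"correlation_id":"c7"}
{"timestamp":"2024-05-01T10:03:00Z","tenant_id":"t1","user_id":"u1","action":"update","status":200,"correlation_id":"c8"}
this line is truncated and not valid JSON
"""


def failed_login_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert once per (tenant, user) with >= threshold failed logins inside window."""
    failures = []
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed or incomplete record: skip, do not crash the pipeline
        ts = ts.replace(tzinfo=timezone.utc) if ts.tzinfo is None else ts  # logs are UTC
        if ev.get("action") == "login" and ev.get("status") == 401:
            failures.append((ts, ev))
    failures.sort(key=lambda item: item[0])  # exports may arrive out of order

    recent, alerts = defaultdict(deque), {}
    for ts, ev in failures:
        key = (ev.get("tenant_id"), ev.get("user_id"))
        q = recent[key]
        q.append((ts, ev.get("correlation_id")))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"tenant_id": key[0], "user_id": key[1], "count": len(q),
                           "correlation_ids": [cid for _, cid in q]}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in failed_login_bursts(SAMPLE.splitlines()):
        print(json.dumps(alert))
```

Keying the window on tenant and user together keeps one tenant's noise from triggering or masking alerts for another.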