# Auditability

> Detailed overview of platform audit logs, API logging, and accountability

Noxus provides a comprehensive auditability framework designed to meet the most stringent enterprise security and compliance requirements. Every significant action within the platform is recorded, attributed, and stored in a tamper-proof manner.

## Audit Log Architecture

The audit system captures events at two primary levels: **Administrative/Management Actions** and **API Access**.

### 1. Platform Audit Logs

Platform audit logs capture "who did what and when" regarding the management of resources. These logs are generated whenever a user or API key performs an action that modifies the state of the platform.

#### What is Logged?

Each audit log entry contains a high-fidelity record of the event:

| Field              | Description                                                                                         |
| :----------------- | :-------------------------------------------------------------------------------------------------- |
| **Timestamp**      | The exact UTC time the action occurred.                                                             |
| **Identity**       | The User ID, Email, and/or API Key ID responsible for the action.                                   |
| **Action**         | The specific operation performed (e.g., `create`, `update`, `delete`, `execute`, `login`).          |
| **Resource**       | The type and unique ID of the resource (e.g., `workflow`, `agent`, `knowledge_base`, `user_group`). |
| **Context**        | The Tenant and Workspace identifiers where the action took place.                                   |
| **Payload**        | A JSON representation of the request body and metadata associated with the change.                  |
| **Route & Method** | The specific API route and HTTP method used.                                                        |

#### Who is Logged?

* **Platform Users**: Actions performed via the web interface.
* **Service Accounts**: Actions performed by automated systems using API keys.
* **System Administrators**: Global configuration changes and tenant-level management.

***

### 2. API Call Logs

In addition to state-changing actions, Noxus maintains detailed logs of every incoming API request to ensure complete visibility into platform usage.

#### Captured Data Points

* **Performance**: Exact duration of the request in milliseconds and the resulting HTTP response code.
* **Attribution**: Mapping of the call to a specific `tenant_id`, `user_id`, and `api_key_id`.
* **Routing**: The specific resource endpoint accessed.
* **Timing**: Precise start and end times for every call.

***

## Accountability & Traceability

Noxus uses **Correlation IDs** to link related events across different services. This allows security teams to trace a single user action from the initial frontend request through the backend orchestration and down to the specific worker pool execution.

### Log Integrity

* **Persistence**: Audit logs are stored in a dedicated, indexed database layer (`audit_logs` and `api_call_logs`) separate from transient application state.
* **Redaction**: Sensitive information, such as passwords or raw secret values, is automatically redacted before being committed to the logs.
* **Retention**: Organizations can define custom retention policies to meet legal and compliance obligations.

***

## SIEM & External Integration

For centralized security monitoring, Noxus supports exporting audit and access logs to external **SIEM** (Security Information and Event Management) platforms.

* **Supported Backends**: Elasticsearch, OpenSearch, Splunk, Datadog, and AWS CloudWatch.
* **Format**: Logs are emitted in structured JSON format, making them ready for immediate ingestion and dashboarding.
* **Alerting**: External systems can be configured to trigger alerts based on specific audit patterns, such as multiple failed login attempts or unauthorized resource access.
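
The alerting pattern described above can be prototyped against exported JSON lines before it is written as a SIEM rule. The following is an added example, not Noxus code: the key names `timestamp`, `route` and `status_code` are assumptions (only `tenant_id`, `user_id` and `api_key_id` appear on this page), as is the mapping of failed logins to HTTP 401 and unauthorized resource access to HTTP 403.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (JSON lines). Key names other than tenant_id,
# user_id and api_key_id are assumed, not the documented schema.
SAMPLE_EXPORT = [
    '{"timestamp": "2024-05-01T10:02:30Z", "tenant_id": "t1", "user_id": "u7", "api_key_id": null, "route": "/auth/login", "status_code": 401}',
    '{"timestamp": "2024-05-01T10:00:00Z", "tenant_id": "t1", "user_id": "u7", "api_key_id": null, "route": "/auth/login", "status_code": 401}',
    '{"timestamp": "2024-05-01T10:01:10Z", "tenant_id": "t1", "user_id": "u7", "api_key_id": null, "route": "/auth/login", "status_code": 401}',
    '{"timestamp": "2024-05-01T10:00:00Z", "tenant_id": "t1", "user_id": "u9", "api_key_id": null, "route": "/auth/login", "status_code": 401}',
    '{"timestamp": "2024-05-01T10:20:00Z", "tenant_id": "t1", "user_id": "u9", "api_key_id": null, "route": "/auth/login", "status_code": 401}',
    '{"timestamp": "2024-05-01T10:05:00Z", "tenant_id": "t2", "user_id": null, "api_key_id": "k3", "route": "/workflows/42", "status_code": 403}',
    '{"timestamp": "2024-05-01T10:05:30Z", "tenant_id": "t2", "user_id": null, "api_key_id": "k3", "route": "/agents/7", "status_code": 403}',
    '{"timestamp": "2024-05-01T10:06:00Z", "tenant_id": "t2", "user_id": null, "api_key_id": "k3", "route": "/agents/8", "status_code": 403}',
    'truncated-line-not-json',
]

def parse_ts(value):
    # datetime.fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def detect_bursts(lines, status_codes, threshold=3, window=timedelta(minutes=5)):
    """Return (alerts, skipped): one alert per (tenant, identity) that reaches
    `threshold` matching responses inside a sliding `window`."""
    events, skipped = [], 0
    for line in lines:
        try:
            rec = json.loads(line)
            if rec["status_code"] in status_codes:
                identity = rec.get("api_key_id") or rec.get("user_id") or "anonymous"
                events.append((parse_ts(rec["timestamp"]), rec["tenant_id"], identity))
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # count unparseable records so gaps in the export are visible
    events.sort(key=lambda e: e[0])  # exported records may arrive out of order
    recent, alerts = defaultdict(deque), {}
    for ts, tenant, identity in events:
        q = recent[(tenant, identity)]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and (tenant, identity) not in alerts:
            alerts[(tenant, identity)] = {"tenant_id": tenant, "identity": identity,
                                          "count": len(q), "first": q[0], "last": ts}
    return list(alerts.values()), skipped

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EXPORT, {401}))  # failed-login bursts
    print(detect_bursts(SAMPLE_EXPORT, {403}))  # repeated forbidden access
```

Grouping by tenant and identity keeps one tenant's noise from masking another's, and the skipped count gives a signal when exported records are malformed or truncated.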

<CardGroup cols={2}>
  <Card title="Security Architecture" icon="shield-check" href="/core/infrastructure/security">
    See how auditability fits into our broader defense-in-depth strategy.
  </Card>

  <Card title="Monitoring" icon="gauge-high" href="/deployment/operations/monitoring">
    Learn how to pair audit logs with real-time performance metrics.
  </Card>
</CardGroup>
