> ## Documentation Index
> Fetch the complete documentation index at: https://adapt.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Logging

> How Adapt tracks and logs activity for security and compliance

Adapt maintains comprehensive audit logs to track activity, support compliance, and enable security monitoring.

## What We Log

### User Activity

| Event                | Details Captured                        |
| -------------------- | --------------------------------------- |
| **Logins**           | User, timestamp, IP address, method     |
| **Queries**          | User, question asked, data sources used |
| **Actions**          | User, action type, target, result       |
| **Settings changes** | User, what changed, old/new values      |

### Administrative Events

| Event                  | Details Captured                  |
| ---------------------- | --------------------------------- |
| **Member changes**     | Who was added/removed, by whom    |
| **Integration setup**  | What was connected, by whom       |
| **Permission changes** | What changed, who made the change |
| **Billing events**     | Plan changes, payment events      |

### System Events

| Event                   | Details Captured                |
| ----------------------- | ------------------------------- |
| **API calls**           | Endpoint, parameters, response  |
| **Integration queries** | Service, query, data returned   |
| **Errors**              | Error type, context, resolution |

## Accessing Audit Logs

### Admin Access

Organization admins can view logs:

1. Go to **Settings > Security > Audit Log**
2. Filter by user, event type, or date range
3. Export for analysis or compliance

### Log Format

```json theme={null}
{
  "timestamp": "2024-12-15T14:23:45Z",
  "event_type": "query",
  "user_id": "user_123",
  "user_email": "john@company.com",
  "organization_id": "org_456",
  "details": {
    "query": "What's our current MRR?",
    "integrations_used": ["stripe"],
    "response_time_ms": 1247
  },
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0..."
}
```

## Retention

### Standard Retention

* **Activity logs**: 90 days
* **Security events**: 1 year
* **Administrative actions**: 1 year

### Enterprise Retention

Extended retention available:

* Custom retention periods
* Long-term archival
* Compliance-specific requirements

Contact [sales@adapt.com](mailto:sales@adapt.com) for enterprise retention options.

## Security Monitoring

### Automated Alerts

We monitor for:

* **Unusual access patterns**: Anomalous login behavior
* **Failed authentications**: Multiple failed attempts
* **Privilege escalation**: Unexpected permission changes
* **Data access anomalies**: Unusual query patterns

### Response Procedures

When alerts trigger:

1. Automated notification to security team
2. Investigation within defined SLA
3. Customer notification if warranted
4. Remediation and documentation

## Compliance Support

Audit logs can help support various compliance frameworks:

### SOC 2 (Type II Certified)

* Evidence of access control effectiveness
* Proof of security monitoring
* Change management documentation

### GDPR

* Data access tracking
* Processing activity records
* Right to access support

### CCPA

* Personal data access logging
* Deletion request tracking

## Using Logs for Security

### Regular Reviews

We recommend:

<AccordionGroup>
  <Accordion title="Weekly: Review user activity">
    Check for unusual patterns or access
  </Accordion>

  <Accordion title="Monthly: Review admin actions">
    Audit permission and configuration changes
  </Accordion>

  <Accordion title="Quarterly: Full audit review">
    Comprehensive review for compliance
  </Accordion>
</AccordionGroup>

### Investigation Support

For security investigations:

1. Use date range filters to narrow scope
2. Filter by user to trace specific activity
3. Export logs for external analysis
4. Contact [security@adapt.com](mailto:security@adapt.com) for support

## API Access

Enterprise customers can access logs programmatically:

```bash theme={null}
GET /api/v1/audit-logs
Authorization: Bearer <token>

Parameters:
- start_date: ISO 8601 timestamp
- end_date: ISO 8601 timestamp
- event_type: filter by event type
- user_id: filter by user
- limit: max results (default 100)
```

## Questions?

For audit log questions:

* **Email**: [security@adapt.com](mailto:security@adapt.com)
* **Enterprise**: Contact your account manager

<CardGroup cols={2}>
  <Card title="Access Controls" icon="users" href="/security/access-controls">
    Manage permissions
  </Card>

  <Card title="SOC 2 Compliance" icon="certificate" href="/security/soc2-compliance">
    Our compliance program
  </Card>
</CardGroup>
