Audit Logs
Ventryx maintains an immutable, tamper-evident audit trail of every security-relevant action taken on your organization — by users, API keys, or the platform itself.
What is logged
| Category | Events logged |
|---|---|
| Authentication | Login, logout, MFA enroll, MFA verify, failed attempts |
| API keys | Create, revoke, scope changes |
| Team | Member invited, role changed, member removed |
| Organization | Settings changed, SSO configured, IP allowlist updated |
| Billing | Plan changed, payment method updated, invoice paid |
| Data | Export initiated, bulk delete, data retention policy changes |
Audit log entry format
Example entry
{
"id": "audit_01HXYZ",
"timestamp": "2026-04-03T09:15:00.000Z",
"action": "api_key.revoked",
"actor": {
"type": "user",
"id": "usr_01HABC",
"email": "[email protected]"
},
"resource": {
"type": "api_key",
"id": "key_01HDEF",
"name": "ci-pipeline"
},
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 ...",
"metadata": {}
}
Querying audit logs
GET /v1/audit-logs?action=api_key.*&from=2026-04-01&limit=100
Filter by action, actor.id, resource.type, or time range. All filters can be combined.
Exporting for SIEM
Stream audit logs to your SIEM or security tooling in real time using a log drain or webhook subscription on the audit.* event namespace. Supported formats include JSON and CEF (Common Event Format).
Retention
| Plan | Retention |
|---|---|
| Starter | 90 days |
| Pro | 1 year |
| Enterprise | Up to 7 years (configurable) |