Platform Audit Logs

Administrative action logging — what is captured, how to access, export, and stream to a SIEM.

What Are Platform Audit Logs?

Platform audit logs record administrative actions taken at the workspace level — as distinct from record-level audit trails. They are intended for security monitoring and compliance.

What is Logged

Member invitations, role changes, deactivations, and removals.
SSO and SCIM configuration changes.
Process creation, publication, and deletion.
Data retention policy changes.
Legal hold applications and removals.
API key creation and revocation.
Billing plan changes.
Admin sign-in events and failed authentication attempts.

Accessing the Logs

Platform audit logs are accessible to workspace Admins at Settings → Security → Audit Log. The log viewer supports filtering by actor, event type, and date range.

Exporting Audit Logs

Export logs as CSV from the filter view. For ongoing compliance monitoring, configure a SIEM integration to stream audit log events to Splunk, Datadog, or any system that accepts webhook events.

Data Retention

Back to Administration