Pillar four
The audit log is a hash-chained record of every administrative and access decision the platform makes. A single altered entry breaks the chain visibly. Investigators verify what happened without trusting the platform that produced the log.
An audit log that you have to trust is not really evidence.
In depth
Records are signed at write time and chained to the record before them. The verifier runs anywhere and confirms integrity against the public signing key. The whole structure is built to survive an examiner's review.
Each entry includes the SHA-256 of the entry that came before it. The chain is verifiable in one pass over the log.
Any single row can be verified in isolation against the signing key without reference to the rest of the log.
Verifiers process the log in bounded pages, so a tenant with millions of entries can be inspected without exhausting memory.
Prometheus-format metrics for request rate, request duration, and error rate, scraped by Prometheus and surfaced in Grafana.
Stream events to Splunk, Sumo Logic, Elastic Security, or Datadog with delivery confirmation in the platform.
Per-tenant retention windows aligned with your industry's requirements. Pruning preserves chain integrity going forward.
Bounded-size exports for review teams that prefer their own analytical tools.
Per-event webhook with HMAC-signed payloads for systems that ingest by push rather than pull.