Skip to main content

Admin

Audit log

The audit log is a tamper-evident record of every security-relevant action in your workspace — who did what, when, and to which resource. Use it to investigate a change, satisfy an auditor, or stream activity into your own security tooling.

What it's for

  • Investigate — trace exactly what happened around a change or an incident.
  • Prove accountability — show an auditor a complete, tamper-evident history.
  • Forward and retain — stream events to your SIEM and generate compliance evidence.

The screens in it

There are two views, switched with the tabs under the page title:

  • Logs — the searchable event stream everyone with access can read.
  • Admin Settings — delivery, integrity, exports, and compliance tooling, shown to administrators who can manage audit configuration.
Audit log — the event stream with search, filters, and timeline

The Logs view

Header actions

ControlWhat it does
RefreshRe-pulls the latest events for your current filters.
LiveToggles a live tail — new events stream in as they happen. It's off by default so the list you're reading doesn't change under you.
ExportOpens the export dialog to download the events matching your current filters.

Finding events

ControlWhat it does
KPI stats barA quick summary of activity for the current view.
SearchFree-text search across events.
Time rangeLimits events to a chosen window.
Attribute filtersNarrow by attributes such as category, module, outcome, severity, and who performed the action. Reset clears them all.
TimelineA histogram of event volume over the selected range, so bursts are easy to spot.

Reading events

The event list shows one row per action. A burst of related actions collapses into a single expandable activity, while standalone actions appear as plain rows. Click an event to open a detail panel on the right with its full information; close it with the ✕. When you're viewing a single activity, a banner offers a Clear button to return to the full list.

The Admin Settings view

Administrators who can manage audit configuration get four tabs:

TabWhat it does
SIEMConfigure forwarding of audit events to your security tooling, send a test delivery, and review a delivery log of what was sent and whether it succeeded.
ChainVerify the cryptographic integrity of the log, confirming it hasn't been tampered with.
ExportsManage export jobs that package events for download.
ComplianceGenerate evidence reports for audits and reviews.
Audit log admin — SIEM, Chain, Exports, and Compliance tabs

Common workflows

Workflow: investigate what happened to a resource

  1. Open the Logs view and enter what you're looking for in Search, or set the attribute filters (for example a category or a person).

  2. Narrow the time range to the window you care about.

    Step 1 — filtering to the relevant activity
  3. Click an event to open its detail panel and read the full record. If the event is part of a burst, expand the activity to see everything that happened together.

Workflow: forward audit events to your SIEM

  1. Open Admin Settings and go to the SIEM tab.

  2. Enter your delivery configuration, then use Test Connection to confirm ThreatWeaver can reach your system.

    Step 1 — configuring and testing SIEM delivery
  3. Watch the delivery log to confirm events are being delivered successfully.

Workflow: export events for an auditor

  1. In the Logs view, set the filters and time range so the list shows exactly the events you need.
  2. Click Export and complete the dialog to download them.