Audit Trail
Ragwalla maintains a comprehensive, tamper-evident log of all AI agent activity. Every action is recorded with cryptographic integrity protection, providing the evidence trail auditors and compliance teams require.
What Gets Logged
Every significant agent action generates an audit entry:
| Event Type | Examples |
|---|---|
| Authentication | User sign-in, API key usage, session creation |
| Agent activity | Conversation start, message sent, response generated |
| Tool execution | Vector search, file access, external API calls |
| Data access | RAG document retrieval, knowledge base queries |
| Administrative | Settings changes, user management, policy updates |
| Compliance | Legal hold creation, retention job execution |
Audit Entry Contents
Each audit entry includes:
| Field | Description |
|---|---|
| Timestamp | When the action occurred |
| Actor | Who performed the action (user, agent, or system) |
| Action | What was done |
| Resource | What was affected |
| Outcome | Success or failure |
| Context | Organization, project, conversation thread |
Tamper-Evident Integrity
Ragwalla uses cryptographic chaining to ensure audit logs cannot be modified without detection.
How It Works
Each audit entry is linked to the previous entry using a cryptographic hash. This creates an unbroken chain where:
Deletions are detectable — Missing entries create gaps in the sequence
Modifications are detectable — Changed entries break the hash chain
Insertions are detectable — Added entries disrupt the chain continuity
Verification
Auditors can verify the integrity of your audit logs at any time. The verification process checks that every entry's hash correctly links to the previous entry, proving the chain has not been tampered with.
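A minimal sketch of this kind of hash-chain verification, added here as an illustration and not Ragwalla's implementation. SHA-256, the canonical-JSON encoding, and the `seq`, `prev_hash`, `hash` and `expected_head` names are assumptions, and the entries are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first entry

def entry_hash(entry):
    """SHA-256 of the canonical JSON of every field except the stored hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def append(chain, timestamp, actor, action, resource, outcome):
    """Append an entry whose prev_hash commits to the current tail."""
    prev = chain[-1] if chain else None
    entry = {"seq": prev["seq"] + 1 if prev else 1,
             "prev_hash": prev["hash"] if prev else GENESIS,
             "timestamp": timestamp, "actor": actor, "action": action,
             "resource": resource, "outcome": outcome}
    entry["hash"] = entry_hash(entry)
    chain.append(entry)
    return entry

def verify(chain, expected_head=None):
    """Return (seq, problem) findings; an empty list means the chain is intact.

    expected_head is a tip hash recorded outside the log store. Without it,
    removing entries from the end of the chain leaves no internal evidence.
    """
    findings = []
    want_seq, want_prev = 1, GENESIS
    for e in chain:
        if e["seq"] != want_seq:
            findings.append((e["seq"], "sequence gap or duplicate"))
        if e["prev_hash"] != want_prev:
            findings.append((e["seq"], "broken link to previous entry"))
        if entry_hash(e) != e["hash"]:
            findings.append((e["seq"], "content does not match hash"))
        want_seq, want_prev = e["seq"] + 1, e["hash"]
    if expected_head is not None and want_prev != expected_head:
        findings.append((None, "chain tip differs from recorded head"))
    return findings

def sample_chain():
    """Constructed sample entries, not real Ragwalla log data."""
    chain = []
    append(chain, "2025-01-01T09:00:00Z", "user:alice", "auth.sign_in", "session:1", "success")
    append(chain, "2025-01-01T09:00:05Z", "agent:helper", "tool.vector_search", "kb:docs", "success")
    append(chain, "2025-01-01T09:00:09Z", "agent:helper", "data.rag_retrieval", "doc:42", "success")
    append(chain, "2025-01-01T09:01:00Z", "user:alice", "admin.settings_change", "org:demo", "success")
    return chain
```

Passing a head hash recorded outside the log store lets `verify` also flag removal of the newest entries and a full rewrite of the chain, which the links between entries cannot show on their own.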
Retention and Archival
Configurable Retention
Set how long audit logs are retained based on your compliance requirements. Common retention periods:
| Requirement | Typical Retention |
|---|---|
| Standard business | 1 year |
| SOC 2 | 1-3 years |
| Financial services | 7 years |
| Federal/FedRAMP | 7+ years |
Archive Preservation
When audit logs reach their retention limit, Ragwalla archives them before deletion. This preserves the ability to verify chain integrity historically, even after the original entries are removed.
Querying Audit Logs
Dashboard Access
View audit logs through the Ragwalla dashboard with filters for:
Date range
Actor (user or agent)
Action type
Resource type
Outcome (success/failure)
API Access
GET /v1/dashboard/organizations/:orgId/audit_logs
Query parameters:
from/to — Date range
actor_id — Filter by actor
action — Filter by action type
resource_type — Filter by resource
outcome — Filter by success/failure
Export
Export audit logs in JSON or CSV format for:
Compliance evidence packages
Security investigations
Integration with SIEM tools
Common Use Cases
Security Investigation
When investigating a potential security incident:
Query audit logs for the affected time period
Filter by the suspected actor or resource
Review the sequence of actions
Verify chain integrity to ensure logs weren't tampered with
Compliance Audit
When preparing for a SOC 2 or other compliance audit:
Export audit logs for the audit period
Generate an integrity verification report
Include in your evidence package
Demonstrate retention policy enforcement
Access Review
For periodic access reviews:
Query audit logs for authentication and authorization events
Identify unusual access patterns
Review agent tool usage
Document findings for compliance records
API Reference
Query Audit Logs
GET /v1/dashboard/organizations/:orgId/audit_logs
Verify Chain Integrity
POST /v1/dashboard/organizations/:orgId/audit_logs/verify
Returns verification status and any detected issues.
Export Audit Logs
GET /v1/dashboard/organizations/:orgId/audit_logs/export
Supports JSON and CSV formats.
Related
Data Retention — Audit log retention settings
Legal Holds — Preserving audit records
NIST 800-53 — AU-11 control implementation