Skip to main content

Secure Audit Log

Read about the Secure Audit Log

A secure audit log is a record of events or actions that are stored in a tamper-proof manner to ensure the integrity and accuracy of the information. It is a critical component of any system that requires accountability and transparency. A secure audit log can be used to detect security breaches, unauthorized access, or other malicious activities within a system. By providing a complete and accurate record of all system events, a secure audit log can help organizations maintain compliance with legal and regulatory requirements, as well as improve their overall security posture.

Pangea Secure Audit Log

Pangea Secure Audit Log is a fully managed service that provides builders transparent, immutable, and cryptographically verifiable tamperproof audit logging capabilities easily integrated into any app.

About Audit Log

Audit logs are used to record activity that occurs within an application. Audit log events are focused on answering the question, "who did what when?" Audit log data is often voluminous with long data retention periods, requiring significant infrastructure to store and recall events. Typically, audit log use cases fall into one of three categories:

  • Something went wrong
    • In this case, a configuration change was made in an application causing it to behave in an undesirable manner. Audit logs can help an admin team look for changes that correspond with the time the problem started occurring and then reverse those changes once identified. Typically, these logs do not carry long-term retention requirements.
  • Data is missing
    • In situations where vital customer data is missing, Audit Log data can be used to provide quick answers about when the data was deleted and by whom. These logs require longer retention periods and more advanced search capabilities due to the unknown nature of the events prompting the review.
  • Compliance
    • In most cases, this is usually what's driving application developers to build audit logging capabilities. Compliance frameworks require that specific activity within an application be recorded and stored for very long periods (1-10+ years). Building an audit logging framework for this kind of long-term data retention requirement can be very challenging and distracts from the work that developers need to focus on to bring their product to market. However, this work is essential because without it the product being built may not be marketable to the intended audience.

Now, Pangea Secure Audit Log provides a solution for each of these use cases. Developers can store and search records, define retention periods, and even configure redaction rules to prevent the unnecessary proliferation of sensitive data. Developers can offload the burden of developing the infrastructure and security policies and capabilities needed to protect and scale the backend for their requirements.

Use Pangea Secure Audit Log

The Secure Audit Log Service takes the burden of logging infrastructure off of builders and replaces it with simple API endpoints for recording and searching events.

Key capabilities

Pangea's Secure Audit Log provides key capabilities that help builders meet their logging needs:

  • Tamperproof by design
    • Prove to your customers that their audit logs are secure and have never been altered.
  • Configurable Retention Periods
    • Configure how long to retain your logs in audit settings, and the infrastructure will scale automatically to meet those requirements.
  • Integrated Log Redaction
    • Prevent unintentional leakage of sensitive information in your logs. Pangea Secure Audit Log has direct integration into Pangea's Redact service.
  • Scalable Searching
    • The Secure Audit Log /search endpoint makes searching even huge amounts of retained log data performant.
  • SDK for fast integration
    • Pangea's SDK is written in multiple languages to make integrating Secure Audit Log into your application fast and efficient.

Pangea has based Secure Audit Log on years of experience building compliant enterprise applications. The service ensures that builders have what they need to build provably secure and compliant audit logging capabilities without reinventing the wheel.

Was this article helpful?

Contact us