Skip to main content
The audit trail is a complete, tamper-proof record of every action taken in your CauseFlow tenant. Every change — from creating an incident to approving a remediation to inviting a team member — is logged automatically with the actor, timestamp, and relevant data. Go to Dashboard > Audit to access the audit trail.
The audit trail is essential for compliance requirements like SOC 2. All entries are retained for the lifetime of your tenant.

What is logged

CauseFlow logs every user and system action. This includes:
  • Incident events — Creation, status changes, severity updates, and closure
  • Investigation events — Investigation starts, agent completions, root cause submissions
  • Remediation events — Proposal creation, approvals, rejections, execution start, step completions and failures
  • Feedback events — Root cause confirmations and rejections
  • Team events — Invitations sent, invitations accepted, role changes, member removals
  • Integration events — Integration connections and disconnections
  • Settings events — Company settings updates, notification preferences changed
  • API key events — Key creation and revocation
  • Tenant events — Tenant creation and configuration changes
System-generated actions (such as an agent completing a task) are attributed to the CauseFlow system actor rather than a specific user.

Viewing entries

The audit trail displays entries in reverse chronological order — most recent first. Each entry shows:
FieldDescription
ActionWhat happened (for example, incident.status_changed or remediation.approved)
ActorThe user who performed the action, or system for automated actions
TimestampExact date and time of the action (UTC)
DetailsRelated data — for example, the previous and new status for a status change, or the member email for an invitation

Filtering entries

Use the filters above the list to narrow the audit trail:
  • Action type — Filter by a specific event category (incident, remediation, team, and so on)
  • Date range — Select a start and end date to view entries within a specific window

Tamper-proof integrity

Each audit entry includes a cryptographic hash computed from the entry’s data and the hash of the previous entry. This forms a chain — modifying any entry would invalidate the hash of every subsequent entry, making tampering detectable. To verify the chain integrity, click Verify integrity on the audit trail page. CauseFlow recomputes the hashes and confirms that the chain is unbroken. If any entry has been altered, the verification will report which entry broke the chain.
The integrity check runs server-side and covers all entries in your tenant’s history, not just the visible page.

Exporting

Export your audit log for compliance reporting, external SIEM integration, or long-term archival.
1

Open the export dialog

Click Export on the audit trail page.
2

Select a date range

Choose the start and end dates for the export. Leave both blank to export the full history.
3

Download

Click Export. CauseFlow generates a file in NDJSON format (newline-delimited JSON) — one JSON object per line. This format is compatible with most SIEM platforms and log ingestion pipelines.
Each exported entry contains the same fields visible in the UI plus the cryptographic hash, enabling you to verify chain integrity on your own infrastructure.