Product Modules

Audit Trail

Inspect tenant audit chronology, verify entries, and send selected source records to the Evidence Factory.

1 min read141 words

Audit Trail is the immutable event workspace at /audit. Route access requires audit:read unless a full-access role applies.

What it owns

  • Tenant audit chronology and source-entry detail.
  • Time filtering, refresh, entry expansion, and per-entry verification.
  • Evidence-chain and anchor status presented with the event record.
  • Selection of visible source entries and chronology for a contextual Evidence Factory Job.

Audit Trail remains the authoritative event viewer. Evidence Room owns the export job, manifest, bundle, sharing, and final verification lifecycle.

Evidence handoff

flowchart LR
  A["Audit entries"] --> S["Selected source-entry IDs"]
  S --> F["Evidence Factory Job"]
  F --> B["Sealed Evidence Bundle"]

The contextual action enforces the factory selector limit before submission. Tenant and actor identity are rebound from authenticated server context.

Unavailable and permission-denied states keep cached signed state separate from the latest refresh result.

Audit Trail | Developer Docs | KLA Control Plane