> ## Documentation Index
> Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Logs

> View security events, compliance audit trails, and interactions in your dashboard

<Info>
  PromptGuard maintains detailed logs of all security events and interactions, accessible through the dashboard for security analysis and compliance reporting. Enterprise plans include persistent audit logs with integrity hash chaining for SOC 2 compliance.
</Info>

## Current Availability

### Dashboard Access

View audit logs and security events through the dashboard:

1. **Navigate to Interactions**: [app.promptguard.co](https://app.promptguard.co) → Projects → \[Your Project] → Interactions
2. **Filter and Search**: Use filters to find specific events by type, date, or content
3. **Export Data**: Download interaction data for analysis

### Audit Log Page

Scale and Enterprise plans include a dedicated Audit Log page with advanced filtering:

1. **Navigate**: [app.promptguard.co](https://app.promptguard.co) → Dashboard → Audit Log
2. **Filter**: Category, action, severity, actor, date range
3. **Export**: Download as JSON for compliance reporting

The audit log captures all configuration changes, authentication events, data access, and security decisions.

### What Gets Logged

PromptGuard captures comprehensive audit trails for:

#### Security Events

* **Threat Detection**: Security violations, blocked requests, policy triggers
* **PII Redaction**: Automatic masking of sensitive data
* **Policy Decisions**: Allow, block, or redact actions
* **Detection Methods**: Regex, ML, or agentic evaluator used

#### API Activity

* **Request Details**: All API calls with timestamps and metadata
* **Response Information**: Status codes, processing times
* **Error Events**: Failures, timeouts, and error conditions
* **Usage Tracking**: Token consumption and costs

## Log Structure

### Standard Log Format

All security events follow a consistent structure:

```json theme={"system"}
{
  "id": "evt_abc123def456",
  "timestamp": "2024-01-15T10:30:15.123Z",
  "user_id": "user_123",
  "project_id": "proj_abc123",
  "api_key_id": "ak_xyz789",
  "decision": "block",
  "threat_type": "PROMPT_INJECTION",
  "detector": "ml_model",
  "confidence": 0.95,
  "content_preview": "Ignore all previous instructions...",
  "reason": "ML API detected injection (confidence: 0.95)",
  "metadata": {
    "model": "gpt-5-nano",
    "latency_ms": 42,
    "ip_address": "203.0.113.45"
  }
}
```

### Event Categories

#### Security Events

```json theme={"system"}
{
  "decision": "block",
  "threat_type": "PROMPT_INJECTION",
  "detector": "ml_model",
  "confidence": 0.95,
  "reason": "ML API detected injection"
}
```

#### PII Redaction Events

```json theme={"system"}
{
  "decision": "redact",
  "threat_type": "PII_LEAK",
  "detector": "regex",
  "confidence": 1.0,
  "reason": "Credit card number detected and redacted"
}
```

## Dashboard Access

### Viewing Interactions

Access your security events through the dashboard:

1. **Navigate**: [app.promptguard.co](https://app.promptguard.co) → Projects → \[Your Project] → Interactions
2. **Filter**: Use the filters to find specific events:
   * **Flagged Only**: Show only blocked/redacted events
   * **Search**: Search in content or reason text
   * **Date Range**: Filter by last N days
3. **Details**: Click on any event to see full details

### Exporting Data

Pull interactions via the API and feed them into your own tooling -- a SIEM, a data warehouse, a compliance dashboard, or a simple script.

```bash theme={"system"}
# Fetch recent flagged security events
curl https://api.promptguard.co/dashboard/interactions \
  -H "Cookie: session=YOUR_SESSION_COOKIE" \
  --get \
  -d "flagged_only=true" \
  -d "page_size=100"
```

```bash theme={"system"}
# Fetch events for a specific project within the last 7 days
curl https://api.promptguard.co/dashboard/interactions \
  -H "Cookie: session=YOUR_SESSION_COOKIE" \
  --get \
  -d "project_id=proj_123" \
  -d "days=7" \
  -d "page=1"
```

#### Available Filters

| Parameter      | Description                       | Example            |
| -------------- | --------------------------------- | ------------------ |
| `project_id`   | Filter by specific project        | `proj_abc123`      |
| `flagged_only` | Only show blocked/redacted events | `true`             |
| `search`       | Text search in content/reason     | `prompt injection` |
| `days`         | Filter by last N days             | `7`                |
| `page`         | Page number for pagination        | `1`                |
| `page_size`    | Max events to return per page     | `100`              |

Events are returned sorted by timestamp descending.

## Best Practices

### Log Retention

* **Current**: Logs are retained based on your plan tier
* **Free**: 24 hours (no guaranteed retention)
* **Pro**: 7 days retention
* **Scale**: 30 days retention
* **Enterprise**: Custom retention (configurable per organization)

### Persistent Audit Trail (Enterprise)

Enterprise plans include a persistent audit trail stored in the `audit_events` table:

* **Categories**: `security`, `authentication`, `data_access`, `configuration`, `billing`
* **Integrity**: Each event has a SHA-256 integrity hash chained to the previous event's hash (`previous_hash` → `integrity_hash`), forming a tamper-evident append-only chain
* **Organization-scoped**: Events filtered by your organization context
* **SOC 2 ready**: Meets audit log requirements for SOC 2 Type II compliance

### Hash Chain Verification

Verify the integrity of your audit trail over any time range:

```bash theme={"system"}
curl -X POST https://api.promptguard.co/dashboard/audit-log/verify-chain \
  -H "Cookie: session=YOUR_SESSION_COOKIE" \
  -d "start_date=2026-01-01T00:00:00Z" \
  -d "end_date=2026-04-10T00:00:00Z"
```

Response:

```json theme={"system"}
{
  "valid": true,
  "verified_count": 12847,
  "first_break_at": null
}
```

If any event has been tampered with, `valid` will be `false` and `first_break_at` will identify the first corrupted event.

### GDPR Compliance

Enterprise features include GDPR data subject rights:

* **Data Export**: `POST /dashboard/compliance/data-export` - Export all your data
* **Data Deletion**: `POST /dashboard/compliance/data-deletion` - Delete all your data (requires confirmation)

### Compliance

* All security events are logged for compliance
* Logs include timestamps, user IDs, organization IDs, and decision metadata
* Pull audit data via the Interactions API for compliance reporting
* Events include IP address and user agent for forensic analysis

## Next Steps

<CardGroup cols={2}>
  <Card title="View Interactions" icon="eye" href="https://app.promptguard.co">
    Access your security events in the dashboard
  </Card>

  <Card title="Analytics" icon="chart-line" href="/platform/dashboard">
    View comprehensive analytics and metrics
  </Card>

  <Card title="Usage Tracking" icon="chart-bar" href="/platform/usage-tracking">
    Monitor API usage and costs
  </Card>

  <Card title="API Reference" icon="book" href="/api-reference/introduction">
    Complete API documentation
  </Card>
</CardGroup>

Need help integrating audit data with your infrastructure? [Contact support](mailto:support@promptguard.co) for guidance on enterprise integrations.
