Auditing and Compliance

AISentinel maintains tamper-evident audit trails for every policy evaluation, configuration change, and administrative action. This guide helps compliance, security, and engineering teams centralize evidence and meet regulatory obligations.

Audit Data Model

Field	Description
`auditId`	Unique identifier for each event; returned in API responses.
`timestamp`	RFC 3339 timestamp in UTC.
`actor`	User, service account, or system component performing the action.
`tenant`	Tenant or namespace associated with the event.
`event`	Event type (`policy.decision.created`, `config.updated`, `team.member.invited`, etc.).
`metadata`	Structured JSON with contextual details (rulepack, input hashes, IP address).

Accessing Audit Logs

Portal

Navigate to Audit and filter by event type, actor, or decision result.
Export CSV or JSON for offline analysis.

API

curl -X GET "https://api.aisentinel.ai/v1/audit?event=policy.decision.created&limit=100" \
  -H "Authorization: Bearer $AISENTINEL_ADMIN_KEY" \
  -H "X-AISentinel-Tenant: $AISENTINEL_TENANT_ID"

Paginate using cursor tokens. Store responses in WORM-compliant storage per your retention policy.

Integrating with SIEM and Data Lakes

Splunk: Use HTTP Event Collector with tokens stored in secret managers. Reference Configuration Management for endpoint configuration.
Datadog: Send audit streams via Datadog Event Intake API; tag with tenant and rulepack for dashboards.
Azure Sentinel / Chronicle: Export to cloud storage (S3, GCS, Azure Blob) and ingest using built-in connectors.

Compliance Reporting

Regulation	Evidence Requirements	AISentinel Features
SOC 2	Change management logs, access reviews, incident response documentation.	Export audit logs, team changes, and remediation events. Combine with Remediation Automation.
HIPAA	Access to PHI, disclosure reporting, retention.	Track PHI accesses, maintain six-year retention, integrate BYOK.
GDPR	DSAR fulfillment, deletion verification.	Attach Cryptographic Proofs and provide audit excerpts to regulators.
PCI DSS	Log monitoring, access control.	Stream audits to SIEM with 90-day online retention, 1-year archive.

Scheduled Reports

Daily Digest: Summary of policy denials, configuration changes, and admin logins. Delivered via email or webhook.
Weekly Compliance Pack: Aggregated metrics, remediation status, and pending access reviews for GRC teams.
Quarterly Executive Report: Trends across business units, exported as PDF with charts sourced from Dashboard and Usage Analytics.

Retention and Storage Policies

Default retention is 400 days; configure via Configuration Management for longer periods.
For HIPAA workloads, set retention to 6 years and enable immutability (S3 Object Lock, Azure Immutable). Pair with Key Rotation.
Archive older logs in cold storage with access controls tied to compliance personnel.

Automation Patterns

Webhook Notifications: Subscribe to audit.export.completed events; see Webhook Integrations.
SIEM Correlation: Enrich AISentinel logs with application context (user IDs, session IDs) before ingestion.
Ticketing: Automatically create compliance review tickets when team.member.role_changed events occur.

Auditing Agent Frameworks

Embed auditId from AISentinel into LangChain or CrewAI telemetry for traceability (see LangChain and CrewAI).
Store evaluation results alongside framework logs to reconstruct agent decision paths during investigations.
Use Research Automation and Remediation Automation templates to ensure downstream automation inherits audit context.

Requesting Evidence for Regulators

Collect relevant audit IDs via API filters.
Generate corresponding Cryptographic Proofs for deletion or retention claims.
Package evidence with configuration exports, team rosters, and BYOK attestations.
Share securely using encrypted archives and track distribution in your compliance system.

Establishing disciplined audit practices ensures every AISentinel action is traceable, defensible, and aligned with regulatory obligations.