An audit log is a chronological record of security-relevant actions that occur in a system. It is used to store evidence of a specific operation, procedure or event. Many enterprise customers of SaaS businesses require an audit log of access, administrative and system events. Companies that have compliance requirements (e.g. SOC 2) may be required to keep such logs in order to produce an official record when obligated to produce proof of compliance. Additionally, developers use audit logs to do root cause analysis of how a complex system produced a failure or arrived in an unexpected state.
Phase Two has built an audit logging system that is used by default internally. All access, administrative and system events are recorded in the audit log and made available to the customer to fulfill their requirements.
The Phase Two audit logging system is also available to the customer to add their system's actions and events. A single API method with a simple event format allows flexibility in storing context about the action or event. Both Phase Two and customer events are available in the administrative application to be searched, filtered and exported for external consumption.
Phase Two records access event types that pertain to end users use of the Phase Two and customer systems. These are primarily registration, login and account management actions.
Actions performed from the Phase Two dashboard or using the administrative API are recorded as events.
System event types are reported by Phase Two to give the customer information on operational issues with the Phase Two system. Things like system maintenance, scheduled downtime, version updates, outage notifications and more will be published for this event type.
📄️ Audit Log API
Customers can use the existing audit logging mechanism to include their own application's events. There is a single API method that will consume events in the representation below and make them available for searching, filtering and exporting.
Webhooks give application developers the ability to listen for all audit events using an HTTP endpoint. Events are sent to your endpoint using the same format as they are submitted in the audit API.