Audit logs

Saaya keeps an immutable audit log of every privileged action. It is append-only, signed, and exportable to your SIEM. SOC 2 auditors love it; security teams use it daily.

What we log

  • Authentication: sign-in, sign-out, MFA challenges, key minting, key revocation.
  • RBAC: role grants, role revokes, custom-role definition changes.
  • Configuration: agent create / update / publish / rollback, KB upload / delete.
  • Data access: session export, transcript download, recording download.
  • Org: invitation, seat change, billing event, workspace create / archive.

Retention

Audit logs are retained for 13 months by default. Business and Scale plans extend retention to 7 years for SOC 2 / DPDPA compliance. Logs cannot be deleted, only redacted, with the redactor and reason recorded.

Export to a SIEM

Stream logs to Splunk, Datadog, Elastic, or Sumo via a webhook and Saaya's log adapter. For regulated customers we also ship a one-way S3 sink with Object Lock for tamper-evident storage.

siem-stream.ts

```ts
await saaya.audit.streams.create({
  destination: {
    type: "s3",
    bucket: "acme-saaya-audit",
    region: "ap-south-1",
    objectLock: { mode: "compliance", retentionDays: 2557 }, // 7 years
  },
  format: "ocsf",
});
```
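Before pointing the stream at a bucket, it is worth confirming that the bucket's own Object Lock default matches what the stream asks for. The check below is an added example, not part of Saaya's SDK: `checkAuditBucketLock` is a hypothetical helper, the input follows the shape of the `ObjectLockConfiguration` returned by S3's GetObjectLockConfiguration call, and the sample responses are constructed.

```typescript
// Shape of the ObjectLockConfiguration in an S3 GetObjectLockConfiguration response.
interface ObjectLockConfiguration {
  ObjectLockEnabled?: "Enabled";
  Rule?: { DefaultRetention?: { Mode?: "GOVERNANCE" | "COMPLIANCE"; Days?: number; Years?: number } };
}

// Hypothetical helper. Returns findings; an empty list means the bucket default
// is at least as strict as the stream configuration. Pass undefined when the
// bucket has no Object Lock configuration at all.
function checkAuditBucketLock(cfg: ObjectLockConfiguration | undefined, requiredDays: number): string[] {
  if (!cfg || cfg.ObjectLockEnabled !== "Enabled") {
    return ["Object Lock is not enabled on the bucket"];
  }
  const ret = cfg.Rule?.DefaultRetention;
  if (!ret) {
    return ["no default retention rule: objects are locked only if the writer sets retention per object"];
  }
  const findings: string[] = [];
  if (ret.Mode !== "COMPLIANCE") {
    findings.push(`default mode is ${ret.Mode ?? "unset"}: governance locks can be lifted with s3:BypassGovernanceRetention`);
  }
  // S3 accepts either Days or Years. A year is counted as 365 days here, a
  // conservative lower bound, so Years-based rules close to the limit get flagged.
  const days = ret.Days ?? (ret.Years !== undefined ? ret.Years * 365 : 0);
  if (days < requiredDays) {
    findings.push(`default retention is ${days} days, below the required ${requiredDays}`);
  }
  return findings;
}

// Constructed sample responses (not captured from a real account).
const REQUIRED_DAYS = 2557; // retentionDays from siem-stream.ts
const samples: Record<string, ObjectLockConfiguration | undefined> = {
  ok: { ObjectLockEnabled: "Enabled", Rule: { DefaultRetention: { Mode: "COMPLIANCE", Days: 2557 } } },
  governance: { ObjectLockEnabled: "Enabled", Rule: { DefaultRetention: { Mode: "GOVERNANCE", Days: 2557 } } },
  shortYears: { ObjectLockEnabled: "Enabled", Rule: { DefaultRetention: { Mode: "COMPLIANCE", Years: 5 } } },
  noRule: { ObjectLockEnabled: "Enabled" },
  disabled: undefined,
};
for (const [name, cfg] of Object.entries(samples)) {
  const findings = checkAuditBucketLock(cfg, REQUIRED_DAYS);
  console.log(name, findings.length === 0 ? "PASS" : findings);
}
```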

Audit-ready exports

For SOC 2, DPDPA, and HIPAA-aware audits, request an "audit pack" from `Settings → Compliance`. It bundles the relevant log slice, the policy evidence, and a signed manifest into a single archive.