Audit Logs

AD Unlock maintains comprehensive audit logs for security and compliance.

What’s Logged

Request Events

Admin Events

Connector Events

Log Entry Example

{
  "id": "log_abc123",
  "timestamp": "2024-01-15T10:32:45.123Z",
  "tenant_id": "tenant_xyz",
  "event_type": "request.completed",
  "actor": {
    "type": "whatsapp_user",
    "phone": "+5511999999999",
    "ad_user": "john.doe@company.com"
  },
  "action": {
    "type": "account_unlock",
    "target": "john.doe",
    "result": "success"
  },
  "context": {
    "conversation_id": "conv_123",
    "request_id": "req_456",
    "connector_id": "conn_789"
  },
  "risk": {
    "score": 15,
    "factors": ["business_hours"]
  },
  "policy": {
    "id": "pol_abc",
    "name": "Standard Users",
    "decision": "auto_approve"
  },
  "duration_ms": 1250
}

Viewing Logs

Admin Portal

1. Go to Audit Log
2. Filter by:
   • Date range
   • Event type
   • User
   • Action

Export

Export logs for external analysis:

• CSV format
• JSON format
• Date range selection
• Event type filtering

Log Integrity

Immutability

• Logs cannot be modified after creation
• Append-only storage
• Cryptographic checksums

Retention

• Default: 90 days
• Configurable per tenant
• Archived logs available on request

SIEM Integration

Export logs to your SIEM:

Syslog

syslog.adunlock.me:514
Protocol: TCP
Format: RFC 5424

Webhook

Configure webhook for real-time events:

1. Portal → Settings → Integrations
2. Add webhook URL
3. Select event types
4. Save

API

Query logs via API:

curl -H "Authorization: Bearer $TOKEN" \
  "https://api.adunlock.me/admin/audit-logs?from=2024-01-01&to=2024-01-31"

Compliance Reports

Generate compliance reports:

1. Portal → Reports
2. Select report type:
   • Activity summary
   • User access report
   • Failed attempts
   • Policy violations
3. Select date range
4. Generate PDF/CSV