> ## Documentation Index
> Fetch the complete documentation index at: https://koreai.mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.
# Audit Log
Track and review all administrative and operational activities across AI for Work.
***
## Overview
The Audit Log system records every administrative and user action on the platform, creating a tamper-resistant trail that supports security, compliance, and troubleshooting.
Logs are captured in three locations, each scoped to a different level of the platform:
| Location | What it tracks | Who can access |
| ------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
| **Admin Hub** | Platform-wide configuration changes — user management, security settings, assistant config, workspace management | Full admins (all logs); custom admins (modules they manage) |
| **Workspace** | Team-level activity — collaborator changes, permission updates, workspace configuration, resource allocation | Workspace administrators |
| **Agent** | Agent-level activity — creation, modification, publishing status, integrations | Users with edit access or ownership of the agent |
## Log Entry Details
Every log entry captures the following fields:
| Field | Description |
| ------------- | ----------------------------------------------------------------------------------------------------------- |
| **User** | Full name and email address of the person who performed the action |
| **Module** | The functional area where the activity occurred (e.g., User Management, Security, or a specific agent page) |
| **Activity** | A concise description of the action and its impact |
| **Timestamp** | Exact date and time of the activity in a consistent format |
## Filtering
Use the built-in filters to narrow log results for investigation or review.
| Filter | Description |
| ----------------------- | ------------------------------------------------------------------------------------------ |
| **Date Range** | Limit results to a specific time period |
| **User** | Show activity from a specific individual |
| **Module / Sub-module** | Focus on a functional area; the filter adapts dynamically based on the current log context |
## Export
Export filtered logs for compliance reporting, investigations, or record-keeping.
* Click **Export** to download the current filtered view as a CSV file.
* All data fields and relationships are preserved in the export.
***
## System Integrity
The Audit Log system is built with the following guarantees:
| Property | Description |
| --------------------- | ------------------------------------------------------------- |
| **Real-time logging** | Actions are recorded instantly when performed |
| **Consistent format** | Log entries use the same structure across all three locations |
| **Complete coverage** | No entries are missing or duplicated |
| **Tamper resistance** | All logs are read-only and cannot be modified |
## Audit Log API
Use the Audit Log API to retrieve log data programmatically for custom reporting, SIEM integration, or compliance workflows.
| Property | Value |
| ----------------- | --------------------------------------- |
| **Method** | `GET` |
| **Endpoint** | `https://{{host}}/api/public/auditlogs` |
| **Content-Type** | `application/json` |
| **Authorization** | `auth: {{Admin's Personalkey}}` |
### Query Parameters
All parameters are optional unless your use case requires scoping. Combine them to narrow results.
| Parameter | Description | Example |
| ----------------------- | ----------------------------------------------- | ------------------------------------------------------------- |
| `entity` | Type of resource to filter by | `entity=usergroups` |
| `entityId` | Unique ID of a specific resource instance | `entityId=12345` |
| `userId` | Filter by the user who performed the action | `userId=john_doe` |
| `emailId` | Filter by the email address of the acting user | `emailId=john.doe@example.com` |
| `startTime` / `endTime` | Time window for the query (ISO 8601 format) | `startTime=2024-12-01T00:00:00Z&endTime=2024-12-05T23:59:59Z` |
| `action` | Type of action: `create`, `update`, or `delete` | `action=create` |
### Supported Entities and Actions
| Entity | `entity` Key | Supported Actions |
| ------------------------------ | ------------------------------ | ---------------------- |
| User Group | `usergroup` | create, update, delete |
| Agent | `Agent` | create, update, delete |
| Role | `role` | create, update, delete |
| SSO Status | `ssostatus` | update |
| Service Account | `serviceaccount` | create, update, delete |
| LLM Integrations | `llmintegrations` | create, update, delete |
| Domains | `domains` | create, update, delete |
| Rate Limits | `ratelimits` | update |
| Email Notification Preferences | `emailnotificationpreferences` | update |
| Business Rules | `nlprules` | create, update, delete |
| User Enrollment | `userenrollment` | update |
### Sample Request
```bash theme={null}
curl --location 'https://{{host}}/api/public/auditlogs?startTime=2024-12-01T23%3A59%3A59Z&endTime=2024-12-12T23%3A59%3A59Z&entity=nlprules&action=update&emailId=test.user%40example.com' \
--header 'auth: {{Admin's Personalkey}}'
```
### Sample Response
```json theme={null}
{
"logs": [
{
"parentIds": [],
"_id": "67584fc8a16721a7bb876d3b",
"entity": "nlprules",
"action": "update",
"userId": "u-6fd26567-2b99-5265-9b69-54fba448d26f",
"accountId": "ac-a16b8603-4c4d-57b7-a6e2-ddf53fee4efb",
"entityId": "66a389b40e9b336c5e6edb19",
"delta": {
"from": {},
"to": {
"name": "Answer rule - 67"
}
},
"htmlText": "Update business rule Answer rule - 67",
"userName": "John Doe",
"emailId": "john.doe@example.com",
"keywords": "",
"cOn": "2024-12-10T14:27:20.286Z",
"__v": 0
}
]
}
```
***