Audit & Compliance
CORTEX keeps an append-only audit trail of every significant operation so that security monitoring, compliance reporting, and forensic investigation all work from the same record.
Audit Log Model
```typescript
interface AuditLog {
  id: string;
  tenantId: string;
  userId: string | null;      // Who performed the action (null for unauthenticated events)
  action: string;             // What action was performed
  resourceType: string;       // Type of resource affected
  resourceId: string | null;  // ID of affected resource
  oldValue: object | null;    // Previous state (for updates)
  newValue: object | null;    // New state
  metadata: object;           // Additional context
  ipAddress: string | null;   // Client IP
  userAgent: string | null;   // Client user agent
  correlationId: string;      // Request correlation ID
  createdAt: Date;
}
```
Key Features
Immutability
Audit logs are append-only: there is no API to modify or delete an entry, and the read endpoints below are all GET. The only removal path is the retention purge described under Retention, which is governed by tenant configuration rather than by user action.
Automatic Capture
Most operations are logged automatically by request interceptors, so handlers need no audit-specific code. "Most" is not "all": before relying on a particular operation in an investigation, confirm that it appears in the list under What Gets Logged.
Rich Context
Each entry records the acting user, client IP and user agent, a timestamp, a correlation ID tying it to the request, and for changes the before and after state of the resource. Treat these snapshots as sensitive data in their own right: they can contain any field of the affected resource.
Queryable
Logs can be searched and filtered through the endpoints below for investigations and reporting; every query is scoped to the caller's tenant.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /audit-logs | Query audit logs |
| GET | /audit-logs/:id | Get a specific log entry |
| GET | /audit-logs/resource-types | List logged resource types |
| GET | /audit-logs/actions | List logged action types |
What Gets Logged
Authentication Events
- User registration
- Login success/failure
- Logout
- Token refresh
- Password changes
Resource Operations
- Create, Update, Delete operations
- Status changes
- Configuration changes
Access Control
- Role assignments
- Permission changes
- Access denials
Retention
By default, audit logs are retained for 90 days; entries older than the retention window are purged. The window is configurable per tenant through the features block of the tenant configuration. Set it to match your own regulatory obligations, since several compliance regimes require audit records to be kept considerably longer than 90 days:
```json
{
  "features": {
    "auditLogRetentionDays": 365
  }
}
```
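The following is an added illustration, not CORTEX's own code, of how the pieces described on this page fit together: interceptor-style capture into an append-only store using the AuditLog fields from the model above, tenant-scoped filtering in the style of GET /audit-logs, and a retention purge driven by auditLogRetentionDays with the 90-day default. The AuditLog interface is copied from the model; the AuditStore, RequestContext, TenantConfig, redact() and REDACTED_KEYS names, and the sample entries, are assumptions made for this example.

```typescript
// Added illustration, not CORTEX's own code. AuditLog is copied from the page;
// AuditStore, RequestContext, TenantConfig, redact() and REDACTED_KEYS are
// assumptions made for this example.

interface AuditLog {
  id: string; tenantId: string; userId: string | null;
  action: string; resourceType: string; resourceId: string | null;
  oldValue: object | null; newValue: object | null; metadata: object;
  ipAddress: string | null; userAgent: string | null;
  correlationId: string; createdAt: Date;
}

// Context an interceptor already holds when the handler completes (assumed shape).
interface RequestContext {
  tenantId: string; userId: string | null; ipAddress: string | null;
  userAgent: string | null; correlationId: string;
}

// Assumed shape of the per-tenant "features" block shown under Retention.
interface TenantConfig { features: { auditLogRetentionDays?: number } }
const DEFAULT_RETENTION_DAYS = 90;

// Field names whose values must never land in oldValue/newValue (assumed list).
const REDACTED_KEYS = new Set(["password", "passwordHash", "token", "secret"]);

function redact(value: object | null): object | null {
  if (value === null) return null;
  const out: Record<string, unknown> = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = REDACTED_KEYS.has(k) ? "[REDACTED]" : v;
  }
  return out;
}

type AuditFilter = Partial<Pick<AuditLog, "action" | "resourceType" | "resourceId" | "userId">>;

class AuditStore {
  private readonly entries: AuditLog[] = [];
  private seq = 0;

  // The only way in. Entries are frozen so a caller holding the returned
  // reference cannot alter what was recorded.
  append(ctx: RequestContext, action: string, resourceType: string,
         resourceId: string | null, oldValue: object | null, newValue: object | null,
         metadata: object = {}, now: Date = new Date()): AuditLog {
    const entry: AuditLog = Object.freeze({
      id: `${ctx.tenantId}-${++this.seq}`, tenantId: ctx.tenantId, userId: ctx.userId,
      action, resourceType, resourceId, metadata, createdAt: now,
      oldValue: redact(oldValue), newValue: redact(newValue),
      ipAddress: ctx.ipAddress, userAgent: ctx.userAgent, correlationId: ctx.correlationId,
    });
    this.entries.push(entry);
    return entry;
  }

  // Read side in the style of GET /audit-logs: always tenant-scoped, with
  // optional equality filters on the common fields.
  query(tenantId: string, filter: AuditFilter = {}): AuditLog[] {
    const wanted = Object.entries(filter).filter(([, v]) => v !== undefined);
    return this.entries.filter(e =>
      e.tenantId === tenantId &&
      wanted.every(([k, v]) => e[k as keyof AuditLog] === v));
  }

  // Retention purge: the only code path that removes entries, driven by
  // tenant configuration rather than by a user request.
  purgeExpired(tenantId: string, cfg: TenantConfig, now: Date = new Date()): number {
    const days = cfg.features.auditLogRetentionDays ?? DEFAULT_RETENTION_DAYS;
    const cutoff = now.getTime() - days * 24 * 60 * 60 * 1000;
    const before = this.entries.length;
    for (let i = this.entries.length - 1; i >= 0; i--) {
      const e = this.entries[i];
      if (e.tenantId === tenantId && e.createdAt.getTime() < cutoff) {
        this.entries.splice(i, 1);
      }
    }
    return before - this.entries.length;
  }
}

// Constructed sample data: one profile update with before/after state and one
// failed login (no user, no resource), both for tenant "t1".
function demo(): AuditStore {
  const store = new AuditStore();
  const ctx: RequestContext = {
    tenantId: "t1", userId: "u42", ipAddress: "203.0.113.7",
    userAgent: "curl/8.6.0", correlationId: "req-0001",
  };
  store.append(ctx, "user.update", "User", "u42",
    { email: "old@example.com", passwordHash: "hash-a" },
    { email: "new@example.com", passwordHash: "hash-b" },
    {}, new Date("2024-01-01T00:00:00Z"));
  store.append({ ...ctx, userId: null, correlationId: "req-0002" },
    "auth.login_failure", "Session", null, null, null,
    { reason: "invalid_credentials" }, new Date("2024-06-01T00:00:00Z"));
  return store;
}
```

In a real interceptor, append() runs after the handler resolves, using the request context the framework already carries. The redaction step is there because before/after snapshots are otherwise verbatim copies of resource state; with the 90-day default, purgeExpired() run on 2024-06-15 removes the January entry and keeps the June one, while a tenant configured for 365 days keeps both.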
Compliance
CORTEX audit logging supplies the event records called for by the logging and monitoring controls of the following frameworks. It is one control among many and does not make a deployment compliant on its own:
- SOC 2 — Security event logging
- GDPR — Data access tracking
- HIPAA — Healthcare audit requirements
- ISO 27001 — Information security logging