Audit Trail
Maintained by: Aether365 Team
Audience: Security administrators and compliance officers
Scope: Aether365 account audit log - what is recorded and how to access it
The audit trail records every significant action taken in your Aether365 account.
What Is Logged
Every entry has an action id, a human actor (email when available, else user), and a JSON details payload.
| Category | Action id | Notes |
|---|---|---|
| Account | profile.updated | Full name / company name change |
| | account.self_deleted | Self-service account deletion |
| Scans | scan.started | Manual or scheduled trigger |
| | scan.completed / scan.failed / scan.cancelled | Final scan status |
| | scheduled_scan.created / .updated / .deleted | Scheduled scan management |
| Microsoft connections | tenant.connected / tenant.disconnected | First-time admin consent |
| | connection.activated | Set as primary connection |
| | connection.removed | Disconnect a single connection |
| | connection.label_updated | Renaming a saved connection |
| Team | member.invited / member.removed | Per-tenant team management |
| Notifications | notifications.updated | Email + Teams channels |
| API access | api_key.created / api_key.revoked | Enterprise feature |
| SSO / SAML | sso.configured / sso.deleted | Enterprise feature |
| Log retention | retention.updated | Enterprise feature |
| Billing | billing.checkout.started | Stripe Checkout session created |
| | subscription.created / subscription.updated / subscription.deleted | Stripe webhook events |
| | invoice.payment_succeeded / invoice.payment_failed | Stripe webhook events |
| Support | support.ticket.created / support.ticket.replied | Help-desk activity |
Viewing the Audit Log
To access the audit log:
- Go to Settings in the sidebar
- Open the Audit Log tab
The audit log shows the 500 most recent entries. Entries are sorted newest first.
Filtering
The audit page has four filters at the top:
- Event - dropdown listing every action your tenant has ever recorded.
- Actor - case-insensitive substring match on the email column.
- From / To - calendar pickers (the to value is treated as end-of-day local time).
The filter row resets pagination to page 1 whenever you change a value, and a Clear filters link appears once any filter is active.
Exporting the Audit Log
To export the audit log as CSV:
- Open Settings > Audit Log.
- Apply any filters you want.
- Click Export CSV in the top-right.
The export iterates the API in 1000-row pages with the active filters applied and downloads a UTF-8 CSV named aether365-audit-YYYY-MM-DD.csv. Columns: Time, Event (human label), Action ID, Actor, Details (JSON).
Audit Log via API
The audit log is accessible via the REST API:
```bash
curl https://api.aether365.io/tenants/me/audit-logs \
  -H "Authorization: Bearer <token>"
```

Query parameters:
| Parameter | Type | Description |
|---|---|---|
| page | integer | Page number (default 1) |
| limit | integer | Results per page (max 1000) |
| action | string | Exact match on action id |
| actor | string | Case-insensitive substring match on actor |
| from | string | ISO 8601 timestamp - lower bound (inclusive) |
| to | string | ISO 8601 timestamp - upper bound (inclusive) |
Example Response
```json
{
  "success": true,
  "data": [
    {
      "id": "f4b1c7d2-...",
      "action": "scan.started",
      "actor": "alice@example.com",
      "details": {
        "scanId": "8d3e1f...",
        "scanType": "compliance"
      },
      "createdAt": "2026-04-10T09:15:00Z"
    }
  ],
  "meta": {
    "total": 142,
    "page": 1,
    "limit": 50,
    "actions": ["api_key.created", "scan.started", "support.ticket.created"]
  }
}
```

meta.actions lists the distinct action ids your tenant has used - the UI uses it to populate the Event dropdown.
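
The following is an added example, not code from Aether365: a Python sketch that walks the page and limit parameters until meta.total is covered, so entries beyond the 500 shown in the UI can be pulled into your own log store, and then picks out access-control changes for review. The helper names, the review list, the treatment of a non-true success field as an error, and the sample entries are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

API_URL = "https://api.aether365.io/tenants/me/audit-logs"  # endpoint shown on this page
# Assumption: this review list is a local policy choice, not product guidance.
REVIEW_ACTIONS = {"api_key.created", "api_key.revoked", "sso.configured", "sso.deleted",
                  "retention.updated", "member.invited", "member.removed"}

def http_fetch(token):
    """Build a fetcher that calls the live API with a bearer token."""
    def fetch(params):
        url = API_URL + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def iter_audit_entries(fetch, filters=None, limit=1000):
    """Yield each matching entry once, walking pages until meta.total is covered."""
    if not 1 <= limit <= 1000:
        raise ValueError("limit must be 1..1000 (documented maximum)")
    page, seen_ids = 1, set()
    while True:
        body = fetch({**(filters or {}), "page": page, "limit": limit})
        if not body.get("success"):  # assumption: failures carry success != true
            raise RuntimeError(f"audit-log request failed on page {page}")
        for row in body["data"]:
            if row["id"] not in seen_ids:  # guard against repeats if rows shift between pages
                seen_ids.add(row["id"])
                yield row
        if not body["data"] or page * limit >= body["meta"]["total"]:
            return
        page += 1

def review_events(entries):
    """Keep only entries whose action id is on the local review list."""
    return [e for e in entries if e["action"] in REVIEW_ACTIONS]

# Constructed sample entries standing in for API data (not real log records).
SAMPLE = [
    {"id": "c3", "action": "sso.deleted", "actor": "bob@example.com"},
    {"id": "b2", "action": "scan.started", "actor": "alice@example.com"},
    {"id": "a1", "action": "api_key.created", "actor": "alice@example.com"},
]

def fake_fetch(params):  # offline stand-in for http_fetch, serves SAMPLE in pages
    start = (params["page"] - 1) * params["limit"]
    return {"success": True, "data": SAMPLE[start:start + params["limit"]],
            "meta": {"total": len(SAMPLE), "page": params["page"], "limit": params["limit"]}}
```

Against the live API, pass http_fetch(token) in place of fake_fetch and supply from / to bounds in the filters dict, since from is a reserved word in Python and cannot be a keyword argument.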
Retention
Audit log entries are retained for the same period as scan data. If you require longer audit log retention for compliance reasons, contact support@aether365.io to discuss an extended retention option.