Changes
The Changes page is the primary compliance audit trail. It logs every create, update, and delete action performed on system resources. This append-only log cannot be modified or deleted, providing the evidence trail required for SOC2 and ISO 27001 compliance reporting.
Fields & Columns
| Name | Description |
|---|---|
| Time | Timestamp when the change occurred |
| User | The user who made the change, or "System" for automated actions |
| Action | Type of change: create (green), update (yellow), or delete (red) |
| Resource | The resource type and ID that was affected (e.g., "scanner #5") |
| Changes | Summary of changed fields, or field count if more than two fields changed |
| IP Address | Client IP that made the change, useful when multiple people share an account |
How To
Export audit evidence for SOC2
- Navigate to Audit > Changes.
- Set the date range to the audit period.
- Apply any relevant resource filters.
- Click Export to download the filtered audit log.
- Attach the export to your compliance evidence package.
Gotchas
- This log is append-only and cannot be modified or deleted, even by the owner account.
- Change audit records are retained indefinitely and cannot be purged, even by the owner account. This provides the continuous, tamper-evident history required for SOC2 CC7.2 and ISO 27001 A.12.4.1.
- The Changes column summarizes which fields changed but does not display before/after values inline. Full field-level diffs are available by clicking the change record or via the API detail endpoint.
- System-initiated changes (e.g., scheduled tasks) show "System" instead of a username.
API Calls (1)
| Method | Path | Description |
|---|---|---|
| GET | /api/audit/changes | List all audit change events (paginated) |
Related Pages
- Views — Tracks read access rather than state changes
- Auth — Tracks authentication events (logins, logouts, failures)
- Port State Changes — Tracks port state transitions between scans rather than configuration changes
- Audit Log Integrity — Verifies the hash chain protecting this audit log has not been tampered with
- Roles — Role modifications are logged as change events in the audit trail