Logging & Monitoring
Witboost provides comprehensive, enterprise-grade logging and monitoring capabilities designed for security operations, compliance auditing, and operational excellence.
What Is Logged
All security-relevant events are captured:
| Category | Events |
|---|---|
| Authentication | User logins, logouts, failed authentication attempts, MFA challenges |
| Authorization | Permission evaluations (allow/deny), role changes, group assignments |
| Data Access | Metadata access events — who accessed which catalog entries, when |
| Administrative | Configuration changes, policy modifications, template updates |
| Deployment | Deployment actions, approval workflows, governance policy evaluations |
| System | System errors, component health, resource utilization |
Log Integrity
Witboost logs are designed to meet the highest audit requirements:
- Write-protected — Logs cannot be modified after creation
- Tamper-evident — Any attempt to alter logs is detectable
- Protected infrastructure — Logging systems are protected against unauthorized access and manipulation
- Regular review — The effectiveness of logging protections is reviewed and documented regularly
SIEM Integration
Platform logs can be integrated with the customer's Security Information and Event Management (SIEM) system:
- Standard log formats (JSON, Syslog)
- Real-time log streaming support
- Compatible with common SIEM platforms (Splunk, Elastic, Azure Sentinel, etc.)
- Centralised alerting and correlation
Audit Trail
Every action in Witboost generates an immutable audit record containing:
- Who — Authenticated user identity (from the customer's IdP)
- What — The specific action performed
- When — Timestamp with timezone
- Where — Source IP / session identifier
- Result — Success or failure, with reason codes for denials
Logs contain user identifiers (usernames or user IDs from the identity provider) for audit traceability. Logs do not contain personal data content from the data plane, since Witboost does not process end-user data.
Identifiers in Logs
If the customer's identity provider uses email addresses as user IDs, those will appear in audit logs. This is necessary for:
- Accountability and non-repudiation
- Incident investigation
- Compliance with access logging requirements (e.g., GDPR Article 5(2))
The customer controls what identifier format is used by configuring their identity provider.
Log Retention
In on-premises deployments, the customer has full control over:
- Log retention periods
- Log storage location
- Log archival and rotation policies
- Log access permissions
Agile Lab can provide guidance and best practices for log management configuration.