# Audit Logs

{% hint style="info" %}
Audit logs are only available on our Enterprise Plan.

You can learn more about our plans, with a feature breakdown, at [countercyclical.io/pricing](https://countercyclical.io/pricing).
{% endhint %}

<figure><picture><source srcset="/files/UTT79zY4KQyDLLZvKoD7" media="(prefers-color-scheme: dark)"><img src="/files/F6BbhrOWTS0Nnwyrsk8F" alt=""></picture><figcaption><p>Countercyclical -> Settings -> Workspace -> Security -> Audit Logs</p></figcaption></figure>

## What are Audit Logs?

Audit logs are records that capture every action taken within a system. These logs enhance security and help companies stay compliant with audits and regulatory requirements. Audit logs also play a crucial role in maintaining transparency and accountability within a company, and they serve as a vital tool for security monitoring: detecting and investigating suspicious activities, resolving unauthorized access attempts, and mitigating potential security breaches.

## Audit Logs in Countercyclical

Countercyclical records every user action within a workspace together with metadata such as who performed the action, what the action was, and when it was performed.

{% hint style="info" %}
Only workspace owners and admins can see and access audit logs.

For more information on workspace visibility, please read the [Permissions](/fundamentals/settings/workspace/permissions.md) page in our documentation.
{% endhint %}

### Audit Log Details

Each log entry includes granular details:

* The user responsible for the action
* The user's workspace permission level
* The specific action performed
* The specific resource acted upon
* IP address
* Device type
* Browser
* Timestamp

{% hint style="info" %}
Try hovering over the information within the log entry to review more metadata!
{% endhint %}

### Search

By default, search filters audit logs on the following criteria:

* User's first name
* User's last name
* User's email address

{% hint style="info" %}
If filters are applied on top of the audit logs, the criteria above will change.
{% endhint %}

<figure><img src="/files/qzJv216Z8PpFbfPIrLAg" alt=""><figcaption></figcaption></figure>

### Filtering

Filters allow workspace owners and admins to narrow the audit log to the entries that match specific metadata requirements.

Multiple filters can be applied at once.

<div align="left"><figure><img src="/files/LCJLwO7VNW8llw7aLAOI" alt="" width="300"><figcaption></figcaption></figure></div>

### Taking Action

<div align="left"><figure><img src="/files/7D2uNVZpDjrqVr14z8Ty" alt="" width="300"><figcaption></figcaption></figure></div>

You may need to quickly take action on a user within your workspace and limit their access to the workspace altogether, for example in response to a potential security breach or unauthorized access to certain roles.

In Countercyclical, you can take action at the log-level and perform the following actions on any user within the workspace:

* View log details
* Filter by any of the user's log metadata fields
* Change user's permission
* Deactivate user
* Block user

### Exporting Audit Logs

Workspace owners and admins can export the audit log as a JSON or CSV file:

<figure><img src="/files/eE3aWNaUUukOrKT9Zog0" alt=""><figcaption></figcaption></figure>
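One way to review an exported log offline, as an added example that is not Countercyclical's own code: a Python pass over a JSON export that flags a user's first appearance from a previously unseen IP address and any action that changes workspace access. The key names, action labels and sample entries are assumptions constructed for illustration, since this page does not document the export schema.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample export. Key names and action labels are assumptions;
# rename them to match the keys in your own JSON export.
SAMPLE_EXPORT = json.dumps([
    {"user_email": "alice@example.com", "permission": "admin",
     "action": "permission.changed", "resource": "bob@example.com",
     "ip_address": "203.0.113.50", "timestamp": "2024-05-01T23:40:00+00:00"},
    {"user_email": "alice@example.com", "permission": "admin",
     "action": "model.viewed", "resource": "model-1",
     "ip_address": "192.0.2.10", "timestamp": "2024-05-01T09:00:00+00:00"},
    {"user_email": "bob@example.com", "permission": "member",
     "action": "model.edited", "resource": "model-1",
     "ip_address": "198.51.100.7", "timestamp": "2024-05-01T09:05:00+00:00"},
    {"user_email": "bob@example.com", "permission": "member",
     "action": "model.viewed", "resource": "model-1",
     "ip_address": "198.51.100.7", "timestamp": "2024-05-02T08:00:00+00:00"},
])

# Assumed labels for actions that change who can access the workspace.
SENSITIVE_ACTIONS = {"permission.changed", "user.deactivated", "user.blocked"}


def review(export_json, sensitive=SENSITIVE_ACTIONS):
    """Return (kind, user, detail, timestamp) findings in chronological order."""
    entries = sorted(json.loads(export_json),
                     key=lambda e: datetime.fromisoformat(e["timestamp"]))
    seen_ips = defaultdict(set)   # user -> IPs already observed for that user
    findings = []
    for e in entries:
        user, ip, ts = e["user_email"], e["ip_address"], e["timestamp"]
        # A user's first entry sets the baseline; later unseen IPs are flagged.
        if seen_ips[user] and ip not in seen_ips[user]:
            findings.append(("new_ip", user, ip, ts))
        seen_ips[user].add(ip)
        if e["action"] in sensitive:
            findings.append(("sensitive_action", user, e["action"], ts))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_EXPORT):
        print(*finding, sep="\t")
```

Entries are sorted by timestamp before review, so the result does not depend on the order in which the export lists them.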

## FAQs

Below you can find frequently asked questions related to audit logs within Countercyclical:

<details>

<summary>Do you offer integrations with Security Information and Event Management (SIEM) solutions?</summary>

While we don't currently offer any out-of-the-box integrations with SIEMs, we're more than happy to work with our Enterprise customers to build this functionality out!

Please reach out to us at <enterprise@countercyclical.io> with any inquiries about your current systems and we'd be more than happy to work with you!

</details>

<details>

<summary>How often should audit logs be checked, and what best practices should be followed around audit logs?</summary>

How often audit logs should be checked will vary from team to team, department to department, and company to company. Enterprise accounts on Countercyclical can check audit logs at any time, so the frequency is at the discretion of the company.

It's recommended that companies designate personnel responsible for regularly reviewing and analyzing Audit Logs to identify any anomalies or potential security risks proactively.

</details>


