To give you visibility over the changes that are made within your incident.io account, we use an audit log. Our audit log is powered by WorkOS. The log is available for customers on our Enterprise plan.
The audit log contains information about any configuration changes, as well as changes to a user's permissions (e.g. being given a new role, or access to a private incident).
Each entry will have an actor (the person or system that made the change) and one or more targets (a thing that was modified by this change). It will also include the Location and User Agent of the actor, where applicable.
Each entry will conform to a schema, which is documented here. Each entry also has a version, so that if our schema changes over time you’ll still be able to parse old events.
We’ll retain these entries for one year.
Audit log entries start from 18 April, 2023 (there are no entries available from before that date).
Viewing your audit log
You can view your audit log via our security settings page.
From there, you'll be able to:
View the entries via a web interface (filterable by target, event type, actor and date)
Export the entries for a given time period to a CSV
Set up a log stream to a SIEM provider of your choice (e.g. Datadog, Splunk or an Amazon S3 bucket)
You can see the details of each of the log entries that are emitted in our API Docs.