Overview
A GDPR compliance officer needs to demonstrate, under regulatory examination, that her organisation has a complete record of every action taken on personal data over the past three years. That means not just log files but structured, searchable, exportable records with before-and-after state tracking. The Audit Trail domain provides that infrastructure across the entire platform, automatically.
Every user action, system event, and API operation generates an immutable audit record the moment it occurs. Those records can be filtered, exported, and analysed. Nothing is retroactively edited. Compliance teams can answer regulators' questions; security teams can investigate incidents; administrators can trace the full impact of any operation across every service it touched.
Key Features
- Automatic Event Capture: Logs all user actions, system events, and API operations with before/after state snapshots for complete change tracking.
- Multi-Tenant Isolation: Complete tenant-level data segregation ensures organisations can only access their own audit data.
- Advanced Filtering and Search: Powerful search capabilities with saved filter configurations for common audit queries such as security events, permission changes, and failed login attempts.
- Multi-Format Export: Export audit trails in CSV, JSON, and PDF formats with background processing for large datasets and signed download URLs.
- Statistical Analytics: Real-time aggregation and trending analysis for dashboard display, including event breakdowns by type and actor.
- Correlation Tracking: Links related events across distributed operations using correlation identifiers for end-to-end tracing.
- Sensitive Data Flagging: Marks events containing personally identifiable information for enhanced access control and retention policy management.
- Immutable Records: Write-once design ensures audit events cannot be modified or deleted, maintaining evidentiary integrity.
- Saved Filter Configurations: Compliance teams and auditors can save and reuse filter configurations for recurring audit queries.
- Hierarchical Event Types: Dot-notation event categorisation enables flexible querying at any level of the event hierarchy.
Use Cases
Compliance officers generate audit reports for regulatory examinations by filtering events by type, severity, and date range, then exporting in the required format, whether that is a CSV for an FCA review or a PDF for an ISO 27001 certification audit.
Security teams monitor for suspicious activity by saving filters for failed login attempts, permission escalations, and breach detection events, with real-time statistical dashboards showing activity spikes as they happen.
Investigators trace the complete history of actions taken on a specific case or piece of evidence by querying all events associated with an entity, establishing exactly who accessed it and when, a requirement for chain-of-custody documentation.
Organisations with GDPR obligations meet data portability requirements by exporting a user's complete audit trail, and enforce right-to-erasure through configurable retention periods with automatic deletion while preserving records under active legal holds.
System administrators use correlation tracking to trace a single user action across multiple services, understanding its full impact and identifying unexpected side effects during incident investigation.
Integration
The Audit Trail domain is integrated throughout the platform, automatically capturing events from authentication, case management, investigations, alerts, and administrative operations. It connects with the compliance framework for regulatory reporting and the access control system for permission-based audit data access.
Open Standards
- NENA i3 (NG911 i3): The audit trail implements the NENA i3 action vocabulary for Next-Generation 911 workstreams, recording call ingress, ADR query/response, routing decisions, SIPREC recording lifecycle, and related NG911 state-changes as structured, filterable audit events.
- ArcSight Common Event Format (CEF): Audit events are exportable in CEF v0 format, enabling direct ingestion by SIEM platforms such as Splunk, Microsoft Sentinel, Elastic, and IBM QRadar, with severity mapping and standard CEF extension fields.
- OASIS EDXL (Emergency Data Exchange Language): EDXL TEP dispatch and HAVE resource-query operations are captured as named audit actions, maintaining a compliant record of all EDXL message exchanges within the platform.
- OASIS CAP (Common Alerting Protocol): CAP alert egress events are recorded as first-class audit actions, ensuring every issued alert is traceable in the immutable audit chain.
- PEMEA (Pan-European Mobile Emergency Applications, ETSI TS 103 478): PEMEA call-routing events are tracked within the NG911 audit vocabulary so that cross-border emergency call handling remains auditable under the European emergency services framework.
- OWASP ASVS (Application Security Verification Standard) V6.2.8: Hash-chain integrity comparisons throughout the audit service use constant-time HMAC comparison (per ASVS V6.2.8) to prevent timing-oracle attacks against the cryptographic audit chain.
- GraphQL (June 2018 specification): All audit query, filter-management, export, and statistics operations are exposed through a typed GraphQL schema, allowing clients to request exactly the audit fields and time ranges they require.
- GDPR (Regulation (EU) 2016/679): Retention policies, right-to-erasure via append-only anonymisation markers, PII sensitivity flagging, and configurable legal holds are designed to satisfy GDPR data-minimisation, storage-limitation, and erasure obligations.
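An added sketch of the hash-chain integrity check described in the OWASP ASVS item above; it is not the platform's code. The record layout, genesis value, key handling, and event field names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumption: fixed anchor value for the first record


def _mac(key, prev_mac, event):
    # Canonical JSON so identical events always serialise to identical bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac + body, hashlib.sha256).digest()


def append_event(chain, key, event):
    """Write-once append: each MAC also covers the previous record's MAC."""
    prev = bytes.fromhex(chain[-1]["mac"]) if chain else GENESIS
    chain.append({"event": event, "mac": _mac(key, prev, event).hex()})


def verify_chain(chain, key):
    """Return -1 if intact, otherwise the index of the first failing record."""
    prev = GENESIS
    for i, record in enumerate(chain):
        expected = _mac(key, prev, record["event"])
        try:
            stored = bytes.fromhex(record["mac"])
        except (ValueError, TypeError):
            return i  # malformed MAC field counts as a failure
        # compare_digest runs in time independent of where the bytes differ,
        # so the verifier cannot be used as a byte-by-byte MAC oracle.
        if not hmac.compare_digest(expected, stored):
            return i
        prev = expected
    return -1


def build_sample_chain(key):
    # Constructed sample events with hypothetical dot-notation types.
    events = [
        {"type": "auth.login.failed", "actor": "u-17"},
        {"type": "case.permission.changed", "actor": "u-02",
         "before": {"role": "viewer"}, "after": {"role": "admin"}},
        {"type": "export.requested", "actor": "u-02", "format": "csv"},
    ]
    chain = []
    for ev in events:
        append_event(chain, key, ev)
    return chain
```

Editing or removing any record makes `verify_chain` report the first index at which the chain no longer matches. The chain alone does not reveal removal of the newest records; detecting that requires keeping the latest MAC somewhere outside the log.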
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14