Audit logging
Complete audit trail for every authentication event, admin action, and configuration change.
Immutable logs
Audit events are append-only and cryptographically signed. Tamper-evident audit trail.
Structured events
Every event includes actor, action, target, timestamp, IP, and context. Easy to query and analyze.
SIEM export
Stream audit logs to your SIEM or log management system in real-time for correlation.
Every event logged
Complete audit trail
0
Extended retention available
Real-time streaming
Sub-second event delivery
noo id automatically records every authentication attempt, admin action, and configuration change in an immutable, cryptographically signed audit trail. Events are structured with full context — actor, target, IP, location, and method — making them easy to query via API or stream to your SIEM in real time. This gives your security and compliance teams a single, trustworthy source of truth for investigations, audits, and incident response.
Event lifecycle
Every authentication and admin event follows a consistent, tamper-proof pipeline from occurrence to analysis.
Event occurs
A user authenticates, an admin changes a setting, or an API call is made — the system captures the raw event in real time.
Structured event created
The event is enriched with actor, target, and full context including IP address, user agent, geolocation, and timestamp.
Cryptographically signed and appended
A SHA-256 hash chain links each entry to its predecessor, making the append-only log tamper-evident and verifiable.
Streamed to SIEM in real-time
The signed event is delivered to your SIEM, webhook endpoint, or log management platform with sub-second latency.
Query examples
Use the audit log API to search, filter, and export events programmatically with flexible query parameters.
curl "https://auth.noo.id/api/v1/audit-logs?\
start_time=2026-02-01T00:00:00Z&\
event_type=auth.login.failed&\
actor_id=usr_alice123" \
-H "Authorization: Bearer $API_KEY"
Retention & export
90-day free retention
Every plan includes 90 days of audit log storage at no extra cost, with automatic cleanup after expiry.
Extended retention up to 7 years
Upgrade retention to 1, 3, or 7 years to satisfy long-term compliance mandates like HIPAA and PCI DSS.
Real-time SIEM streaming
Stream events to Splunk, Datadog, CloudWatch, Azure Monitor, or any syslog and webhook endpoint with sub-second delivery.
JSON/CSV export
Export logs on demand or on a schedule to S3, Azure Blob, or Google Cloud Storage in JSON or CSV format.
Compliance coverage
SOC 2 Type II
Satisfies CC6.1 through CC7.2 controls for logical access security, provisioning, and system monitoring.
ISO 27001
Meets A.12.4 requirements for event logging, log protection, admin tracking, and clock synchronization.
HIPAA
Fulfills audit control and authentication logging requirements under §164.312(b) and §164.312(d).
GDPR
Supports Article 30 processing records and Article 33 breach detection through comprehensive activity trails.
PCI DSS
Covers Requirement 10 for audit trail entries, data elements, time synchronization, and log protection.
NIS2
Provides the incident detection and security event logging mandated by the EU NIS2 directive for essential entities.
Frequently asked questions
What events are logged? +
noo id logs every significant security event including all authentication attempts (successful and failed), user lifecycle events (created, updated, deleted), admin actions (configuration changes, user management), session events (created, expired, terminated), MFA events, password changes, and API access. Every event includes full context including who, what, when, where, and how.
How long are audit logs retained? +
Free tier retains logs for 90 days, Starter for 180 days, Business for 1 year, and Enterprise for 7 years or custom retention. Logs can be exported at any time via API or streaming to your own storage. Extended retention is available for compliance requirements (SOC 2, HIPAA, PCI DSS often require 1-7 years).
Can I export audit logs to my SIEM? +
Yes, noo id supports real-time streaming to popular SIEM systems including Splunk, Datadog, AWS CloudWatch, Azure Monitor, Google Cloud Logging, and any system that accepts syslog or webhook events. You can also query logs via API and export to CSV or JSON for offline analysis.