Skip to main content
TrueFoundry provides comprehensive audit logging that tracks all activities performed on the platform. Audit logs help you monitor user actions, track changes to resources, maintain compliance, and troubleshoot issues by providing a complete history of platform activities.

Overview

Audit logs capture detailed information about every action performed on the TrueFoundry platform, including:
  • User actions - Who performed what action and when
  • Resource changes - Creation, updates, and deletions of deployments, workspaces, integrations, and more
  • API activity - All API calls made to the platform
  • System actions - Automated actions performed by Autopilot and other system components

Accessing Audit Logs

To access audit logs, navigate to Platform > Access > Audit Logs in the TrueFoundry dashboard.
TrueFoundry Audit Logs dashboard interface

Audit Logs dashboard showing activity summary, chart, and detailed log table

View Modes

The audit logs interface provides three different view modes to analyze platform activities:

Activity View

The Activity View (default) provides a comprehensive overview of all platform activities. This view includes:
  • Activity Summary - A categorized list of all action types with their counts
  • Activity Chart - A visual timeline showing activity volume over time
  • Detailed Log Table - A chronological list of all activities with complete details

User View

The User View organizes activities by user, making it easy to track what actions specific users have performed on the platform.

Autopilot View

The Autopilot View filters activities to show only automated actions performed by TrueFoundry’s Autopilot feature, such as:
  • Automatic recommendations
  • Virtual account token synchronization
  • Automated deployments and updates

Activity Summary

The Activity Summary panel on the left side of the dashboard shows all action types with their total counts. Common action types include:
  • Apply Provider Integration - Changes to cloud provider integrations
  • Delete Provider Integration - Removal of provider integrations
  • Apply Provider Account - Updates to provider account configurations
  • Create Deployment - New deployment creations
  • Apply Workspace - Workspace configuration changes
  • Delete Workspace - Workspace deletions
  • Delete Provider Account - Removal of provider accounts
  • Apply Recommendation - Autopilot recommendations applied
  • Create Or Update Gateway - Gateway configuration changes
  • Delete Application - Application deletions
You can filter the view by selecting or deselecting specific action types using the checkboxes next to each action.

Activity Chart

The activity chart provides a visual representation of platform activity over time. The chart shows:
  • Time Range - Selectable time periods (e.g., Last 30 days, Last 7 days, Custom range)
  • Activity Volume - The number of activities plotted over time
  • Trends - Visual patterns that help identify peak activity periods and unusual spikes
Use the time range selector in the top right to adjust the time period displayed in the chart.

Detailed Log Table

The detailed log table provides granular information about each activity. Each log entry includes:
  • ACTION - The type of action performed (e.g., “Apply Provider Integration”, “Create Deployment”)
  • RESOURCE - The resource that was affected, including its name and type
  • API ROUTE - The API endpoint that was called
  • USER - The user or system component that performed the action
  • TIMESTAMP - When the action occurred (displayed as relative time, e.g., “8m ago”, “16m ago”)
Actions performed by Autopilot are clearly marked with a warning icon to distinguish them from user-initiated actions.
The audit logs interface provides several filtering options:
  • Action Type Filter - Use the checkboxes in the Activity Summary panel to show or hide specific action types
  • Time Range Filter - Select from predefined ranges (Last 7 days, Last 30 days) or specify a custom date range
  • Advanced Filters - Use the Filter button to apply additional filters based on:
    • User
    • Resource type
    • API route
    • Date range

Use Cases

Audit logs are essential for:

Security and Compliance

  • Security Audits - Track who accessed what resources and when
  • Compliance Reporting - Generate reports for regulatory requirements
  • Anomaly Detection - Identify unusual patterns or unauthorized access attempts
  • Incident Investigation - Investigate security incidents by reviewing activity history

Troubleshooting

  • Debug Issues - Trace the sequence of actions that led to a problem
  • Change Tracking - Understand what changes were made to resources
  • System Behavior - Monitor automated actions performed by Autopilot

Operational Monitoring

  • Activity Patterns - Understand usage patterns and peak activity times
  • Resource Management - Track resource creation, updates, and deletions
  • User Activity - Monitor user actions for capacity planning and training

Best Practices

  1. Regular Review - Periodically review audit logs to identify unusual patterns or unauthorized activities
  2. Retention Policy - Understand your audit log retention period and export important logs if needed
  3. Access Control - Ensure only authorized personnel have access to audit logs
  4. Integration - Consider integrating audit logs with your SIEM (Security Information and Event Management) system for centralized monitoring
  5. Alerting - Set up alerts for critical actions or unusual patterns detected in audit logs

Exporting Audit Logs

Audit log export functionality allows you to download log data for external analysis, compliance reporting, or archival purposes. Contact your TrueFoundry administrator or support team for details on exporting audit logs.

API Access

For programmatic access to audit logs, you can use the TrueFoundry API. Refer to the API Reference for detailed endpoint documentation.
Access to audit logs via API requires appropriate permissions. Ensure your API keys or authentication tokens have the necessary access rights.