Data dictionary — Activity logs
Activity logs capture security- and operations-relevant events across tenants: authentication outcomes, configuration changes, permission mutations, and sensitive data access patterns appropriate to policy. This dictionary describes common event types, required dimensions (who, what, when), and optional metadata payloads.
Compliance engineers modeling SIEM feeds should align field names here with exported schemas.
Overview
Events are append-only from a consumer perspective; corrections appear as new entries, not silent edits to history. Payloads favor identifiers over bulky snapshots, but may include redacted diffs where they aid legitimate oversight without leaking PII to log aggregators.
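A consumer-side sketch of the append-only rule above, added here as an illustration and not taken from the product's own code or schema: it checks the required who/what/when dimensions and folds correction entries into a current view while leaving stored history untouched. The field names (`event_id`, `actor`, `action`, `occurred_at`, `corrects`) and the sample feed are assumptions, since this page does not yet publish the exported schema.

```python
from datetime import datetime

# Hypothetical field names; the page does not publish the exported schema.
REQUIRED = ("event_id", "actor", "action", "occurred_at")  # id + who, what, when

def validate(event):
    """Return the required dimensions that are missing, empty or malformed."""
    missing = [f for f in REQUIRED if not event.get(f)]
    if "occurred_at" not in missing:
        try:
            datetime.fromisoformat(event["occurred_at"])
        except (TypeError, ValueError):
            missing.append("occurred_at")
    return missing

def effective_view(events):
    """Fold corrections into a current view without touching stored history.

    Returns (view, rejected): view maps each original event_id to the latest
    entry that corrects it (or to itself); rejected lists entries that fail
    validation or correct an id never seen, which deserve analyst review.
    """
    root_of, view, rejected = {}, {}, []
    for ev in events:  # events are processed in append order
        if validate(ev):
            rejected.append(ev)
            continue
        target = ev.get("corrects")  # assumed pointer to the corrected entry
        if target is None:
            root = ev["event_id"]
        elif target in root_of:
            root = root_of[target]  # chains of corrections resolve to one root
        else:
            rejected.append(ev)
            continue
        root_of[ev["event_id"]] = root
        view[root] = ev
    return view, rejected

# Constructed sample feed: e3 corrects e1, e4 lacks an actor, e5 corrects an unknown id.
SAMPLE = [
    {"event_id": "e1", "actor": "u-17", "action": "role.grant", "occurred_at": "2024-05-01T10:00:00+00:00"},
    {"event_id": "e2", "actor": "u-17", "action": "auth.failure", "occurred_at": "2024-05-01T10:05:00+00:00"},
    {"event_id": "e3", "actor": "u-71", "action": "role.grant", "occurred_at": "2024-05-01T10:00:00+00:00", "corrects": "e1"},
    {"event_id": "e4", "actor": "", "action": "config.change", "occurred_at": "2024-05-01T10:10:00+00:00"},
    {"event_id": "e5", "actor": "system", "action": "role.grant", "occurred_at": "2024-05-01T10:11:00+00:00", "corrects": "e9"},
]
```

The raw list is never modified, so the original entry and its correction both remain available for audit alongside the folded view.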
Retention and export formats are tenant- and plan-dependent; this page will list guarantees as they become contractual. Correlation identifiers tying UI sessions to API calls will be documented for incident response playbooks.