Audit Logs

Audit logs provide a tamper-proof record of every significant action taken in your Terracotta organization, giving you full visibility into who did what and when.


Overview

Every authentication event, configuration change, review trigger, and billing action is captured in a centralized audit log. Audit logs are available on Enterprise plans and retained for 12 months.


Event Categories

Category       | Events
Authentication | Login, logout, API key created, API key revoked
Reviews        | PR review triggered, review completed
Configuration  | Guardrail created/updated/deleted, integration connected/disconnected
Billing        | Plan changed, seat added/removed
Drift          | Scan initiated, scan completed

Each event includes a timestamp, the acting user, the target resource, the originating IP address, and the user agent string.


Using the Audit Log UI

Navigate to Settings > Audit Logs to access the log viewer.

Filtering

  • Date range — narrow results to a specific time window
  • Event type — filter by category (e.g., Authentication, Drift)
  • User — isolate actions from a specific team member

Event Details

Expand any event row to see the full payload, including:

  • IP address and user agent
  • Affected resource identifiers
  • Before/after values for configuration changes
  • Request metadata (API key ID, session ID)

API Access

Audit logs are available via the Terracotta API for integration with your SIEM, log aggregation platform, or compliance tooling.

curl -H "Authorization: Bearer $TERRACOTTA_API_KEY" \
  "https://api.terracotta.ai/v1/audit-logs?from=2026-01-01&to=2026-03-01"

Export audit logs to tools like Splunk, Datadog, or Elastic for long-term retention and cross-correlation with other security signals.
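Once events are exported, the attributes listed above (acting user, originating IP, event type) can be correlated. The following is an added example, not Terracotta's own code: it flags sensitive actions that come from an IP address the user has never logged in from. The JSON field names and event identifiers are assumptions, since this page does not document the API response schema, and the sample data is constructed.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON object per line. Field names and event
# identifiers are assumptions: the page lists these attributes but not the
# response schema. Timestamps are assumed to be ISO 8601 UTC.
SAMPLE_EXPORT = """\
{"timestamp": "2026-01-05T09:00:00Z", "actor": "alice@example.com", "event": "login", "resource": "session/s1", "ip": "198.51.100.10"}
{"timestamp": "2026-01-05T09:05:00Z", "actor": "alice@example.com", "event": "api_key.created", "resource": "key/k1", "ip": "198.51.100.10"}
{"timestamp": "2026-01-05T11:00:00Z", "actor": "alice@example.com", "event": "api_key.created", "resource": "key/k2", "ip": "192.0.2.44"}
{"timestamp": "2026-01-05T10:00:00Z", "actor": "bob@example.com", "event": "login", "resource": "session/s2", "ip": "203.0.113.7"}
{"timestamp": "2026-01-05T10:30:00Z", "actor": "bob@example.com", "event": "guardrail.deleted", "resource": "guardrail/g9", "ip": "192.0.2.44"}
{"timestamp": "2026-01-05T10:45:00Z", "actor": "bob@example.com", "event": "drift.scan_initiated", "resource": "scan/d3", "ip": "203.0.113.7"}
"""

# Actions worth a second look when they arrive from an unfamiliar address.
SENSITIVE = {"api_key.created", "guardrail.deleted", "integration.disconnected"}


def parse_events(text):
    """Parse newline-delimited JSON and return events in chronological order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    # Same-format UTC timestamps sort correctly as plain strings.
    return sorted(events, key=lambda e: e["timestamp"])


def flag_sensitive_from_new_ip(events):
    """Return sensitive events whose IP the actor had not logged in from earlier."""
    login_ips = defaultdict(set)
    findings = []
    for ev in events:
        actor, ip = ev["actor"], ev["ip"]
        if ev["event"] == "login":
            login_ips[actor].add(ip)
        elif ev["event"] in SENSITIVE and ip not in login_ips[actor]:
            findings.append(ev)
    return findings


if __name__ == "__main__":
    for f in flag_sensitive_from_new_ip(parse_events(SAMPLE_EXPORT)):
        print(f"{f['timestamp']} {f['actor']} {f['event']} {f['resource']} from {f['ip']}")
```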


TL;DR

  • Audit logs capture every significant action across your organization
  • Available on Enterprise plans with 12-month retention
  • Filter by date range, event type, or user in the UI
  • Expand any event for full details including IP, user agent, and affected resources
  • Access logs programmatically via the API for SIEM integration