Compliance frameworks ask for an audit trail. Internal incident reviews ask for one. Auditors ask for one. Audit Trail is the answer to all of those, built into Core ISMS so it's never an integration project.
Every state-changing action across the platform writes a structured entry — asset created, risk treatment updated, control marked implemented, document approved, incident closed, user permission changed. Each entry carries who did it, when, from which IP, against which entity, and the before/after JSON for the change.
- Filterable. By action name (CONTROL_IMPLEMENTED, ASSET_UPDATED, INCIDENT_CLOSED, ...), by user, by entity, by instance, by date range. Free-text search across action, entity type, IP, user name, email, instance name.
- Ludwig attribution. Actions that originated from a Ludwig conversation carry a
viaLudwigflag and the originating thread ID. Filter to "AI-initiated actions only" to review what the assistant did on your behalf, separately from human work. - Federation-aware. Actions initiated through federated installations carry a
federationActorIdso the hub can attribute changes back to the spoke user — not just to the federation link. - Live stream. A server-sent-events endpoint lets dashboards subscribe to new entries as they happen, for real-time situational awareness on busy days.
Listed in the catalogue so the feature is discoverable, but never billed separately — every Cybsis instance carries it. This is the floor every regulated organisation needs and the foundation every audit campaign builds on. Pair it with User Activity for the per-user contribution rollup that turns the chronological log into accountability metrics.