QEHSadmin guide
Audit log review
Who did what and when. Filter by actor, action, resource, date range, and export as CSV or SIEM feed.
7 min read · 3 sections
What is recorded
- Every create / update / delete on records and Composer definitions.
- Every login, logout, failed-login, and SSO handshake.
- Every settings change — members, SSO, branding, feature overrides, billing.
- Every API key issuance and revocation.
- Every data export (with the filter that scoped it).
Reviewing
Open /settings/audit. Default view is the last 7 days. Filters: actor, action, resource type, location, date range. The table is server-paginated — 100 rows / page, back-fill via "Load more".
Retention & export
| Plan | Retention | Export |
|---|---|---|
| Free | 30 days | CSV |
| Team | 90 days | CSV + scheduled email |
| Business | 1 year | CSV + scheduled email + webhook |
| Enterprise | Configurable (1–7 years) | CSV + webhook + SIEM feed (Splunk HEC, Sentinel, Elastic) |