Skip to main content
To give you visibility over the changes that are made within your incident.io account, we use an audit log. Our audit log is powered by WorkOS . The log is available for customers on our Enterprise plan . The audit log contains information about any configuration changes, as well as changes to a user’s permissions (e.g. being given a new role, or access to a private incident). Each entry will have an actor (the person or system that made the change) and one or more targets (a thing that was modified by this change). The entry will also include the Location and User Agent of the actor, where applicable. Each entry will conform to a schema, which is documented here. It also has a version, so that if our schema changes over time you’ll still be able to parse old events. We’ll retain these entries for one year. Audit log entries start from 18 April, 2023 (there are no entries available from before that date).

Viewing your audit log

You can view your audit log via our security settings page. From there, you’ll be able to:
  • View the entries via a web interface (filterable by target, event type, actor and date)
  • Export the entries for a given time period to a CSV
  • Set up a log stream to a SIEM provider of your choice (e.g. Datadog, Splunk or an Amazon S3 bucket)
Please note that you must be an Owner or Admin to access audit logs. You can see the details of each of the log entries that are emitted in our API Docs . ​