Audit Logs
Admin
The audit log is a comprehensive, immutable record of every significant action taken in HCSS Events Platform. It serves as the central source of truth for compliance auditing, security monitoring, and troubleshooting.
Navigate to Admin > Audit Logs to access the system-wide audit log.
What Gets Logged​
Every permission-protected action in the platform generates an audit log entry. This includes:
User and Authentication Events​
| Action | Description |
|---|---|
| User Login | A user successfully authenticated (including MFA completion). |
| User Login Failed | A login attempt failed due to incorrect credentials or MFA code. |
| User Logout | A user explicitly logged out. |
| Session Expired | A user's session timed out due to inactivity or maximum duration. |
| Password Changed | A user changed their own password. |
| Password Reset Requested | An admin triggered a password reset for a user. |
| Password Reset Completed | A user completed a password reset via the emailed link. |
| MFA Enrollment | A user enrolled in multi-factor authentication. |
| MFA Reset | An admin reset a user's MFA enrollment. |
| Account Created | A new user account was created. |
| Account Deactivated | A user account was deactivated. |
| Account Reactivated | A deactivated user account was reactivated. |
| Role Changed | A user's role was changed. |
Event Actions​
| Action | Description |
|---|---|
| Event Created | A new event was created. |
| Event Updated | Event details were modified. |
| Event Status Changed | An event's status transitioned (e.g., Draft to Planning). |
| Event Archived | An event was permanently archived. |
| Event Deleted | An event was deleted (only possible in Draft status). |
Caregiver and Assignment Actions​
| Action | Description |
|---|---|
| Caregiver Created | A new caregiver record was added (manually or via import). |
| Caregiver Updated | Caregiver details were modified. |
| Caregiver Imported | A batch of caregivers was imported via CSV. |
| Assignment Created | A new shift assignment was created. |
| Assignment Updated | An assignment was modified. |
| Assignment Deleted | An assignment was removed. |
Survey, Travel, and Operations Actions​
| Action | Description |
|---|---|
| Survey Sent | A survey was sent to one or more caregivers. |
| Survey Response Received | A caregiver submitted a survey response. |
| Travel Booking Created | A travel arrangement was booked. |
| Travel Booking Updated | A travel booking was modified. |
| Travel Booking Cancelled | A travel booking was cancelled. |
| Check-In Recorded | An on-site check-in was recorded for a caregiver. |
| Work Entry Created | A shift work tracking entry was recorded. |
System and Settings Actions​
| Action | Description |
|---|---|
| System Setting Changed | A system setting was modified (branding, email, security, notifications). |
| Reference Data Updated | A reference data record was added, edited, or deleted (airports, hotels, etc.). |
| Email Sent | A system email was dispatched. |
| Email Delivery Failed | An outbound email failed to deliver. |
| Report Exported | A user exported a report or data set. |
Audit Log Columns​
Each audit log entry contains the following information:
| Column | Description |
|---|---|
| Timestamp | The exact date and time the action occurred, in UTC. Displayed in the viewer's local time zone. |
| User | The name and email of the user who performed the action. |
| Role | The role the user had at the time of the action. |
| Action | The type of action performed (see categories above). |
| Entity Type | The category of object affected (e.g., User, Event, Caregiver, Assignment, SystemSetting). |
| Entity Name | The specific object affected (e.g., event name, caregiver name, setting name). |
| Details | A structured summary of what changed. For update actions, this includes before/after values for each modified field. |
| IP Address | The IP address from which the action was performed. |
| User Agent | The browser and operating system used (useful for identifying suspicious sessions). |
Filtering the Audit Log​
The audit log can grow to millions of entries over time. Use the filter controls to narrow your search:
Filter Options​
| Filter | Description | Examples |
|---|---|---|
| User | Filter by the user who performed the action. Type to search by name or email. | "Jane Doe", "jane@example.com" |
| Action | Filter by action type. Select from a dropdown of all logged action types. | "User Login", "Event Created", "System Setting Changed" |
| Entity Type | Filter by the category of object affected. | "User", "Event", "Caregiver", "Assignment", "SystemSetting" |
| Date Range | Filter by the time window in which the action occurred. Select a start date and end date. | Last 24 hours, Last 7 days, Custom range |
| IP Address | Filter by the source IP address. Useful for investigating suspicious activity from a specific location. | "192.168.1.100", "10.0.0.0/8" |
Using Filters Effectively​
- Combine filters -- all filters are additive (AND logic). For example, filtering by User = "Jane Doe" AND Action = "User Login" AND Date Range = "Last 7 days" shows only Jane's login events in the past week.
- Quick presets -- use the date range presets (Last 24 Hours, Last 7 Days, Last 30 Days, This Month, Last Month) for common time windows.
- Clear filters -- click the Clear All Filters button to reset the view to show all entries.
tip
To investigate a specific incident, start by filtering on the Date Range to narrow the time window, then add the User or Entity Type filter to focus on the relevant entries.
Viewing Entry Details​
Click on any audit log row to expand the Details panel. The details panel shows:
- Full action description -- a human-readable sentence describing the action.
- Before/After values -- for update actions, a side-by-side comparison of the old and new values for each changed field.
- Related entities -- links to the affected entities (e.g., a link to the event detail page, user profile, or caregiver record).
- Request metadata -- technical details including the API endpoint, HTTP method, and request ID (useful for developer troubleshooting).
Exporting Audit Data​
The audit log can be exported for external analysis, compliance reporting, or archival.
Export Formats​
| Format | Description | Best For |
|---|---|---|
| CSV | Comma-separated values file. Each row is one audit entry. | Spreadsheet analysis in Excel or Google Sheets. |
| JSON | Structured JSON array. Each element is one audit entry with full detail. | Integration with external SIEM tools or log aggregators. |
| Formatted report with a summary table and optional detail sections. | Compliance reporting and management reviews. |
How to Export​
- Apply the desired filters to narrow the data set. The export will include only the filtered results.
- Click the Export button in the top-right corner.
- Select the desired format (CSV, JSON, or PDF).
- For PDF exports, choose whether to include the full details or summary only.
- Click Download.
note
Exports are limited to 50,000 entries per file. If your filtered results exceed this limit, narrow the date range or add more specific filters and perform multiple exports.
Export Audit Trail​
Every export action is itself logged in the audit log. This means you can track who exported audit data, when, and what filters were applied -- important for compliance oversight.
Retention and Immutability​
- Retention period -- audit log entries are retained for a minimum of 7 years to comply with healthcare regulatory requirements.
- Immutability -- audit log entries cannot be modified or deleted by any user, including Admins. This ensures the integrity of the audit trail.
- Tamper protection -- entries are stored with integrity checksums. Any unauthorized modification of the underlying data is detectable.
Common Use Cases​
Investigating Unauthorized Access​
- Filter by Action = "User Login Failed" and review the Date Range for the suspicious period.
- Check the IP Address column for login attempts from unexpected locations.
- Cross-reference with Action = "User Login" to see if any successful logins occurred from the same suspicious IP.
- Review the affected user's activity by filtering on their name.
Tracking Configuration Changes​
- Filter by Entity Type = "SystemSetting".
- Review the Details column to see before/after values for each changed setting.
- Verify that changes were made by authorized personnel (check the User and Role columns).
Compliance Reporting​
- Set the Date Range to the reporting period (e.g., last quarter).
- Export the full log in CSV or PDF format.
- For HIPAA compliance, focus on events related to caregiver records (Entity Type = "Caregiver") and any data exports (Action = "Report Exported").
Debugging User Issues​
- Filter by the specific User who reported the issue.
- Set the Date Range to the time window when the issue occurred.
- Review the sequence of actions to understand what the user did and where the workflow may have broken.
Best Practices​
- Review the audit log regularly -- do not wait for an incident. Conduct weekly or monthly reviews of key action types (logins, setting changes, data exports).
- Set up alerts for sensitive actions -- use the notification settings to receive alerts for high-risk actions like role changes, system setting modifications, and failed login spikes.
- Export for off-site backup -- periodically export audit data to an external system for redundancy. While the platform retains logs for 7 years, maintaining your own backup ensures access even if the platform is unavailable.
- Document your audit procedures -- create a standard operating procedure for how your organization reviews and responds to audit log findings. This is valuable for regulatory audits.
- Train your team -- ensure that all Admin users understand how to use the audit log and what to look for during routine reviews.
Next Steps​
- User Management -- investigate specific users identified in the audit log.
- System Settings -- review settings that may have been changed.
- Email Outbox -- investigate email delivery issues identified in the audit log.