Audit and reporting
The audit and reporting section covers the evidence layer of VaultPAM: the audit log that records every security-relevant event, and the session recordings that provide forensic replay of privileged sessions.
What the audit trail captures
The VaultPAM audit trail records:
- Session events -- session start, end, duration, user, resource, and recording ID
- Credential events -- checkout, check-in, rotation, and failed access attempts
- Admin mutations -- policy changes, user role changes, and Safe configuration changes
- MFA events -- enrolment, verification success, and verification failure
- Approval decisions -- who approved or denied a request, and when
- JIT grant events -- grant creation, approval, and expiry
All events include a timestamp, actor (user or system), and the affected resource or object.
Who should read this section
- Org Admins investigating security incidents or preparing audit evidence
- Compliance officers reviewing access controls for NIS2 or SOC 2 audits
- IT operations monitoring session activity and recording access patterns
Articles in this section
- Audit log -- how to search, filter, and export audit events
- Session recordings -- how to find, play back, and share session recordings