Audit Logs

NodeLoom maintains a complete activity trail for every action in your workspace. Audit logs are tamper-evident, support compliance reporting across major frameworks, and integrate with popular SIEM platforms.

Tamper-Evident Logging

Every audit log entry is cryptographically linked to the previous entry, creating a tamper-evident chain. If any entry is modified or removed, the integrity check for all subsequent entries will fail.

If any entry in the chain is modified or deleted, the hash verification for all subsequent entries will fail, making tampering immediately detectable.

Audit log entry structure

{
  "id": "audit_9f8e7d6c",
  "timestamp": "2026-02-17T14:30:00Z",
  "actor": "user@example.com",
  "action": "WORKFLOW_ACTIVATED",
  "resource": "wf_abc123",
  "details": {
    "workflowName": "Customer Onboarding",
    "previousState": "DRAFT"
  },
  "integrity": "verified"
}

Integrity Verification

Admins can verify the integrity of the entire audit log chain at any time from the Audit Logs settings page. The verification process recomputes every hash in the chain and reports any inconsistencies.

Integrity Chain Rebuild

In exceptional circumstances (such as database restoration from a backup), the integrity chain may need to be rebuilt. This operation recomputes all entries from the beginning and should only be performed by system administrators. A rebuild event is itself logged as an audit entry.

Rebuild implications

Rebuilding the integrity chain invalidates any previously exported verification proofs. External auditors should be notified if a rebuild occurs.

Compliance Reports

NodeLoom can generate compliance reports mapped to specific regulatory frameworks. Reports aggregate relevant audit log entries, access patterns, and security configurations into a structured document.

Framework	Coverage
SOC 2	Access controls, change management, system operations, logical access monitoring.
GDPR	Data access logs, PII processing records, consent tracking, data deletion audit trail.
HIPAA	PHI access logs, user authentication events, system access controls, encryption status.
PCI-DSS	Credential access logs, encryption verification, network segmentation evidence, vulnerability management.
ISO 27001	Information security controls, risk assessment evidence, incident response logs, access management.

All compliance reports can be exported as PDF documents for sharing with auditors, legal teams, or regulatory bodies. Reports include timestamps, integrity verification status, and a summary of findings.

Scheduled reports

Configure automated compliance report generation on a weekly or monthly schedule. Reports are emailed to designated compliance contacts automatically.

Data Retention Policies

Data retention policies control how long different types of data are kept in NodeLoom. Each data type can have its own retention period, allowing you to balance storage costs with compliance requirements.

Data Type	Configurable
Audit logs	Yes
Execution history	Yes
Workflow versions	Yes
Debug logs	Yes
Webhook payloads	Yes
Chat/widget sessions	Yes

Default retention periods are applied automatically. Admins can adjust retention settings per data type from the workspace settings.

Auto-Purge

When data exceeds its retention period, NodeLoom's auto-purge process removes it. Before any purge runs, a preview is generated showing exactly what will be deleted, including record counts and date ranges. Admins must confirm the purge or it can be configured to run automatically after a review period.

Legal hold

Data subject to a legal hold is excluded from auto-purge regardless of retention settings. Contact your admin to place or remove legal holds.

SIEM Integration

NodeLoom can forward audit log events to external Security Information and Event Management (SIEM) platforms in real time. This allows your security team to correlate NodeLoom activity with events from other systems.

Platform	Protocol	Configuration
Splunk	HTTP Event Collector (HEC)	Provide your Splunk HEC URL and token. Events are sent as JSON.
Datadog	Datadog Logs API	Provide your Datadog API key and site. Events include structured tags.
Elasticsearch	Bulk API	Provide your Elasticsearch endpoint and index name. Supports API key or basic auth.
Custom Webhook	HTTP POST	Send events to any HTTP endpoint. Supports custom headers and authentication.

Test, Export, and Manage

Each SIEM integration supports the following management operations:

Test connection: Send a test event to verify connectivity and authentication before enabling the integration.
Export historical logs: Backfill your SIEM with historical audit log data for a specified date range.
Enable/disable: Toggle integrations on or off without deleting the configuration. Disabled integrations retain their settings for easy re-activation.

Configuration

SIEM integrations are configured from the workspace settings page. Each integration requires a destination URL, authentication credentials, and optional event filters.

RBAC

Encryption