Audit logs & Query history

Audit logs and query history provide the complete, tamper-evident record of activity within your GLBNXT Platform environment. Every significant action taken by users, applications, and platform services is captured, timestamped, and retained as part of an immutable audit trail. This record supports regulatory compliance, internal governance, security incident investigation, and the operational visibility your team needs to understand exactly what has happened in your environment at any point in time.

On GLBNXT Platform, audit logging is active by default from the moment your environment is provisioned. There is no configuration required to begin capturing audit data, and no activity that falls outside the scope of the audit trail by default.

What Is Logged

The audit trail on GLBNXT Platform captures events across every layer of the environment. Log coverage includes the following categories.

Authentication and access events capture every login attempt, successful or failed, along with session establishment and termination, MFA verification outcomes, and SSO authentication events processed through your identity provider integration.

User and administrative actions capture changes made to user accounts, role assignments, environment configuration, access control policies, and any other administrative action performed through the platform console or the platform API.

Model inference requests capture a record of every request made to a model endpoint within your environment, including the timestamp, the requesting user or service account, the model endpoint called, and, depending on your compliance configuration, the request and response content.

Data access events capture access to data services within your environment, including queries to Postgres databases, retrieval operations against vector databases, and read and write operations to MinIO object storage.

Secrets vault access captures every instance of a workload or service authenticating to the secrets vault and retrieving a credential, along with the identity of the requesting entity and the secret name accessed.

Workflow and agent executions capture the initiation, progress, and completion of workflow automation runs and agent task executions, including the steps taken, tools called, and outcomes produced at each stage.

API calls capture requests made to platform API endpoints from external systems, including the calling identity, the endpoint accessed, and the response status.

Audit Log Integrity

Audit logs on GLBNXT Platform are immutable once written. No user, including platform administrators, can modify or delete audit log entries. This immutability is a requirement for audit logs to serve as reliable evidence in compliance assessments, regulatory enquiries, or internal investigations.

Log integrity is maintained through the platform's centralised log management infrastructure, which is separate from the application and operational components of the environment. The separation ensures that a security incident affecting application workloads cannot affect the completeness or integrity of the audit record.

Query History

Query history provides a detailed record of the questions, prompts, and interactions that users and applications have submitted to AI models within your environment. For organisations subject to regulatory requirements that mandate records of AI system inputs and outputs, query history provides the evidence base needed to demonstrate that AI processing activities are traceable and reviewable.

Query history captures the following for each model interaction:

• Timestamp of the request

• Identifier of the user or service account that submitted the request

• The model endpoint called

• The input submitted to the model

• The output returned by the model

• Latency and token consumption for the interaction

The retention of input and output content in query history is configurable based on your compliance requirements and data protection obligations. For environments processing personal data through AI model interactions, query history retention policies should be aligned with your data processing agreement and your organisation's data minimisation obligations under GDPR.

Accessing Audit Logs

Audit logs are accessible through the Monitoring and Observability area of the platform console. Logs are searchable and filterable by event type, time range, user identity, resource accessed, and other relevant attributes. This allows your compliance, security, or operations teams to retrieve specific log records quickly without needing to review the full audit stream.

Access to audit logs within the platform console is governed by role-based access controls. Administrator accounts have full access to the complete audit trail. Developer and standard user accounts do not have access to audit log data by default, preventing application team members from viewing the activity records of their colleagues or modifying their own access history.

Exporting Audit Logs

For organisations that need to integrate audit log data with existing compliance, SIEM, or log management tooling, GLBNXT Platform supports audit log export. Logs can be exported in structured formats compatible with common log management platforms and SIEM solutions.

Log export can be configured as a continuous stream that forwards new audit events to your external tooling in near real time, or as a scheduled batch export that delivers log data at defined intervals. Contact your GLBNXT contact to discuss the appropriate export configuration for your environment and your tooling.

Retention Policies

Audit logs are retained for a minimum period defined in your service agreement, aligned with the regulatory requirements applicable to your environment. The default retention period is designed to satisfy common compliance frameworks including GDPR, ISO 27001, and NIS2.

If your organisation requires a longer retention period to satisfy sector-specific regulatory obligations or internal governance requirements, extended retention can be configured for your environment. Discuss your retention requirements with your GLBNXT contact during onboarding to ensure that the retention policy applied to your environment meets your obligations from day one.

Log data that has passed its retention period is deleted permanently and securely in accordance with the data destruction standards applied across the GLBNXT Platform infrastructure.

Using Audit Logs for Compliance

Audit logs on GLBNXT Platform are designed to support the evidence requirements of common compliance frameworks and regulatory obligations.

GDPR requires organisations to maintain records of processing activities and to be able to demonstrate that personal data is processed lawfully, fairly, and transparently. Audit logs provide evidence of who accessed personal data, when, and for what purpose, supporting both internal accountability and regulatory enquiry responses.

ISO 27001 requires organisations to maintain audit logs of user activities, exceptions, and information security events, and to protect log information from tampering and unauthorised access. The platform's immutable, access-controlled audit trail directly satisfies these requirements at the platform layer.

NIS2 requires operators of essential and important services to maintain logging and monitoring capabilities sufficient to detect and investigate security incidents. The platform's comprehensive audit coverage and SIEM integration capabilities support NIS2 incident detection and reporting obligations.

Sector-specific regulations in financial services, healthcare, and public sector frequently impose additional logging and record-keeping requirements. If your organisation operates under sector-specific obligations that go beyond the default platform logging configuration, contact your GLBNXT contact to confirm that your environment is configured to meet those requirements.

Using Audit Logs for Security Investigation

In the event of a suspected security incident, the audit trail provides the primary data source for investigating what happened, when, and which resources were affected. The combination of authentication events, data access records, API call history, and secrets vault access logs gives your security team the forensic visibility needed to reconstruct the sequence of events leading to and following a security incident.

When investigating a security event, the recommended approach is to begin with the authentication logs for the relevant time window, identify any anomalous access patterns, cross-reference those patterns with data access and API call logs, and trace the activity of any suspicious identities across the full audit trail for the period in question.

For platform-level security incidents, GLBNXT's security team will conduct its own investigation using the platform audit infrastructure and share relevant findings with your organisation through the incident response process described in the Security Architecture section.