Audit log

Zahen keeps an audit log of meaningful activity across the workspace. It is append-only: entries can never be edited or deleted, by anyone. This makes it a reliable record for compliance reviews, access audits, and investigating unexpected behaviour.

Platform admins and security admins can view the full audit log. Department admins can view activity within their own department.

What is recorded

The audit log captures:

Sign-ins — successful and failed authentication attempts, including MFA.
Questions asked — each query submitted to the assistant, the role of the user, and the documents retrieved to build the answer.
Document access — when a document is opened or returned as a source.
Tool calls — every call an agent made to a registered tool, the tool name, the input parameters (with any sensitive values redacted), and the outcome.
Approval decisions — who approved or rejected a paused action, when, and what the decision was.

Filtering the log

Use the filter bar to narrow the log by date range, event type, user, or department. This is useful when you need to answer a specific question — for example, which users accessed a document in a given period, or whether a tool was called outside expected hours.

Exporting to CSV

Select the date range and any filters you want, then choose Export to CSV. The download contains the same columns visible on screen. Use this for offline review, feeding a SIEM, or sharing a snapshot with an auditor.

Usage and cost view

Alongside the activity log there is a Usage view, accessible from the same admin area. It shows LLM usage (number of requests, tokens in and out) and estimated cost, broken down by time period and — where applicable — by department or workflow. This is useful for spotting unusual spikes in activity and for tracking spend against budget.