Audit Trail
Xilos maintains an immutable audit trail capturing every governance action, restriction trigger, and security event.
What Is Logged
Every query that passes through Xilos generates audit entries for:
- Query received — Timestamp, user, department, organization
- Routing decision — Which model was selected, which rule matched (or default)
- Governance actions — Block, mask, flag, or unrestricted
- Restriction triggers — Which rule triggered, severity, action taken
- Guardrail alerts — PII detected, injection attempt detected, HAP detected
- Cache hit/miss — Whether the response was served from cache
- Compression applied — Token count before and after, compression ratio
- Cost — Input tokens, output tokens, total cost
- Quality scores — Faithfulness, answer relevance, context relevance
Searching and Filtering
- Navigate to Audit Logs in the sidebar.
- Filter by:
- Date range
- User
- Action type (block, mask, flag, unrestricted)
- Severity (high, medium, low)
- Rule name
- Click any entry to see the full details.
SIEM Export
Forward audit events to your SIEM platform for continuous compliance monitoring:
- Navigate to SIEM in the sidebar.
- Create a SIEM webhook with your platform's endpoint URL.
- Choose a format: CEF, Syslog, or JSON.
- Select which event types to forward.
See Set Up SIEM Export for detailed instructions.
Info: SIEM events include user email, rule name, severity, and action — giving your security team full context for investigation.
Retention
- Audit logs are retained according to your organization's retention policy
- Contact Mill Pond Research to configure custom retention periods
- SIEM export provides an independent copy for long-term archival
Compliance Reporting
Use the audit trail for:
- HIPAA audit reports
- GDPR data processing records
- SOC 2 evidence collection
- Internal security reviews
- Incident investigation