Audit logs · compliance + forensic-ready

Audit logs export compliance trail

14 event types captured · retention up to 7 years on Elite · 4 export formats (JSON · CSV · CEF · LEEF) · real-time streaming API on Enterprise · tamper-evident hash chain, forensic-grade · compliance-ready for GDPR + ISO 27001 + SOC 2.

14 event types captured

auth.login.success
User login successful · IP + device + timestamp
auth.login.failed
Login attempt failed · reason + IP + frequency tracking
auth.logout
User logout · manual or session expiry
auth.mfa.enrolled
User activated MFA · method (TOTP/SMS/WebAuthn)
auth.password.changed
Password change · self-service or admin reset
data.patient.created
Patient record created · creator + initial fields
data.patient.read
Patient record viewed · viewer + fields accessed
data.patient.modified
Patient record modified · before/after diff + reason
data.patient.deleted
Patient record deleted · soft-delete + reason · GDPR right to erasure
data.patient.exported
Patient data exported · format + recipient + GDPR Art. 20
permission.role.granted
Role granted to user · granter + target + role + reason
permission.role.revoked
Role revoked from user · revoker + target + role + reason
integration.webhook.sent
Webhook sent to external service · destination + payload hash + response
system.config.changed
Configuration change · setting + before/after + admin

4 export formats · wide compatibility

JSON Lines (.jsonl)
1 event per line · streaming-friendly · standard observability format
CSV (.csv)
Human-readable · Excel/Sheets-compatible · useful for non-technical auditors
SIEM CEF (Common Event Format)
ArcSight · Splunk · IBM QRadar compatible · enterprise SOC integration
SIEM LEEF (Log Event Extended Format)
IBM QRadar native format · enterprise compliance teams

Retention + export by tier

| Tier | Retention | Export method |
| --- | --- | --- |
| Trial | 30 days | Self-service dashboard |
| Starter (149€) | 12 months | Self-service dashboard + email request |
| Growth (299€) | 24 months | Self-service + API on-demand |
| Scale (599€) | 36 months | Self-service + API + email cron weekly |
| Elite (999€) | 84 months (7 years) | Real-time streaming API + SIEM integration |
| Enterprise (custom) | Custom (5-15 years) | Custom SIEM + on-premise mirror + SLA 99.99% |

6 Enterprise streaming API features

Real-time API streaming
WebSocket or Server-Sent Events · events pushed <500ms from occurrence
Cursor-based pagination
Resume from the last event if the connection drops · zero data loss
Filter by event type
Subscribe only to relevant events · reduces noise + downstream SIEM cost
Webhook delivery option
Alternative to streaming · POST to your endpoint with exponential-backoff retry + DLQ
Encrypted in transit + at rest
TLS 1.3 · AES-256 encryption at rest · key rotation every six months
Tamper-evident hash chain
Each event's hash includes the previous event's hash · detects tampering · forensic-grade

Reality check · audit logs ≠ silver bullet compliance

Audit logs are necessary but not sufficient for compliance. GDPR additionally requires: DPA + AEC + policies + DPO + responses to data subject requests. ISO 27001 requires a formal ISMS. Audit logs are foundational, but think about the complete stack (see /compliance-roadmap).

Volume vs signal: the 14 event types capture ~95% of compliance-relevant activity. The rest (e.g., random page views) is intentionally NOT logged · noise dilutes signal · cost increases. If you need additional event types · custom Enterprise.

Hash chain limitation: tamper-evident means it detects tampering · it does not PREVENT it. If an attacker compromises the primary DB and rewrites everything · only the previous-hash mismatch detects it, forensically. Pre-revenue, I accept this trade-off vs full blockchain immutable storage (10x cost).
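
The hash-chain check described above, as an added example (not the product's own code): SHA-256 over canonical JSON, the all-zero genesis value, the record fields and the externally stored `anchored_head` are assumptions. It shows that an edited or dropped record breaks the chain, while a chain rebuilt from scratch with recomputed hashes only fails when compared against a head hash kept outside the primary DB.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed previous-hash value for the first event


def event_hash(event: dict, prev_hash: str) -> str:
    """Hash the canonical JSON of the event together with the previous hash."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def build_chain(events: list) -> list:
    """Return records {event, prev_hash, hash}, each linked to the one before."""
    chain, prev = [], GENESIS
    for event in events:
        digest = event_hash(event, prev)
        chain.append({"event": event, "prev_hash": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain: list, anchored_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first bad record, len(chain) if only the
    externally anchored head differs, or None if everything verifies."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev or event_hash(rec["event"], prev) != rec["hash"]:
            return i
        prev = rec["hash"]
    if anchored_head is not None and prev != anchored_head:
        return len(chain)
    return None


# Constructed sample events using event types listed on this page.
SAMPLE = [
    {"type": "auth.login.success", "user": "u1", "ts": "2024-01-01T09:00:00Z"},
    {"type": "data.patient.read", "user": "u1", "patient": "p42", "ts": "2024-01-01T09:01:00Z"},
    {"type": "data.patient.exported", "user": "u1", "patient": "p42", "ts": "2024-01-01T09:02:00Z"},
]
```

`verify_chain` returns the position where verification first fails, which gives an investigator the earliest record that can no longer be trusted.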

Does your SOC team want live SIEM integration?

SIEM integration setup (Splunk · ArcSight · QRadar · Datadog · generic DataStream) during Enterprise onboarding. Technical documentation + sample events + sandbox testing in <1 week post-signature.