Operations
Audit log
How to query your tenant's activity log. Filters, CSV exports and SIVO team traceability.
The audit log is the immutable record of every administrative action performed in your tenant. For internal audits, compliance and incident response.
What gets logged
Every action that modifies configuration or accesses sensitive data is recorded:
- Configuration changes: agents created/deleted, queues modified, IVRs published, recording policies changed, integrations added/removed.
- Sensitive data access: recording downloads, transcript reads, CSV exports.
- Security events: login, logout, failed attempts, MFA configured, password changed, session forced.
- Cross-tenant access: any SIVO team access to your account (flag
cross_tenant: true). - Integrations: OAuth with Salesforce, transcript pushes, webhooks sent.
What does NOT get logged
Trivial things don’t bloat the log:
- Dashboard page views.
- Real-time wallboard refreshes.
- Softphone heartbeats.
- Calls themselves (those live in a separate CDR).
Query the audit log
- Settings → Audit → Events.
- Available filters:
- Date range.
- User (who did the action).
- Action type (create, update, delete, access).
- Resource (agent, queue, did, ivr, recording…).
- Specific ID of the resource.
- cross_tenant flag (SIVO accesses only).
- Paginated result with diff preview.
Event structure
{
"id": "evt_audit_01H8...",
"timestamp": "2026-05-20T10:23:45.123Z",
"tenantId": "uuid",
"actor": {
"id": "uuid",
"email": "[email protected]",
"role": "admin",
"ip": "203.0.113.42",
"userAgent": "Chrome/Mac"
},
"action": "update",
"resource": {
"type": "recording_policy",
"id": "uuid"
},
"diff": {
"retention_days": { "from": 90, "to": 180 }
},
"crossTenant": false
}Before/after diff
For sensitive changes (recording policies, IVRs, user roles), SIVO saves the complete state before and after the change. This lets you:
- Know exactly what changed (not just “the IVR was modified”).
- Restore a previous value with one click.
- Compare versions side by side in the panel.
Retention
| Plan | Retention |
|---|---|
| Starter | 30 days |
| Pro | 1 year |
| Enterprise | 7 years + S3 export |
For Enterprise, logs can be exported periodically for long-term analysis.
CSV export
- Settings → Audit → Export.
- Define criteria.
- SIVO generates CSV with standard columns.
- For large volumes (>10k rows) it’s processed async and we notify by email.
SIVO team accesses
Any action by the superadmin role (SIVO team operating your tenant for support) is marked with crossTenant: true and is visible to you in your own audit log.
To review them:
- Settings → Audit → Filter by: “SIVO team accesses”.
- You see each access with timestamp, SIVO team member (their internal email), declared reason and action performed.
API access
GET /api/audit-logs?from=<iso>&to=<iso>&page=1Cursor-paginated for large volumes.
Typical use cases
- Investigate who deleted a queue yesterday at 4:30pm → filter by
action=delete, resource=queue. - Detect anomalous recording access → filter by
action=access, resource=recording+ sort by user to spot outliers. - Audit recording policy changes for a month → filter + CSV export.
- Prove to external auditor that agent X did not access data Y → specific search with permalink.