Audit logging & retention | NexusCore Support Docs

1. Events captured

Audit logs track:

Agent sign-ins and sign-outs
Authentication method changes (MFA, SSO)
Ticket updates (status, assignee, SLA adjustments)
Knowledge edits and publication
Automation recipe changes and manual runs
API key creation, rotation, and deletion

2. Retention policy

Default retention: 400 days for enterprise, 180 days for standard plans
Optionally extend to 24 months with archival storage add-on
Deleted workspaces retain logs for 30 additional days before purge

3. Accessing logs

In-app: Settings → Security → Audit log (search, filter, export CSV)
API: GET /v1/audit-logs with filters on actor, event type, and date range
Automated delivery: enable daily S3 export via support request

4. Integrity guarantees

Logs are stored append-only with tamper-evident hashing
Server clock synchronized via NTP; entries timestamped in UTC
Admin actions require MFA re-authentication for destructive changes

5. Compliance alignment

Supports SOC 2, ISO 27001, and GDPR audit requirements
Includes IP address and user agent for access events
Retention exceptions documented in customer-specific DPA amendments

6. Requesting investigations

Email security@nexuscore.cloud with incident timestamp, suspected actors, and scope. The security team can provide signed exports and attestations within one business day.

1. Events captured

Audit logs track:

Agent sign-ins and sign-outs
Authentication method changes (MFA, SSO)
Ticket updates (status, assignee, SLA adjustments)
Knowledge edits and publication
Automation recipe changes and manual runs
API key creation, rotation, and deletion

2. Retention policy

Default retention: 400 days for enterprise, 180 days for standard plans
Optionally extend to 24 months with archival storage add-on
Deleted workspaces retain logs for 30 additional days before purge

3. Accessing logs

In-app: Settings → Security → Audit log (search, filter, export CSV)
API: GET /v1/audit-logs with filters on actor, event type, and date range
Automated delivery: enable daily S3 export via support request

4. Integrity guarantees

Logs are stored append-only with tamper-evident hashing
Server clock synchronized via NTP; entries timestamped in UTC
Admin actions require MFA re-authentication for destructive changes

5. Compliance alignment

Supports SOC 2, ISO 27001, and GDPR audit requirements
Includes IP address and user agent for access events
Retention exceptions documented in customer-specific DPA amendments

6. Requesting investigations

Email security@nexuscore.cloud with incident timestamp, suspected actors, and scope. The security team can provide signed exports and attestations within one business day.