📋 Audit Reports

Every action logged. HTML for IT audit, JSON for SIEM. ISO 27001 and GDPR compliance out of the box.

In regulated industries, "trust but verify" isn't enough — you need "verify, document, and prove." UAML's audit reporting system captures every security-relevant action with full context: who initiated it, what command was executed, what the result was, and when it happened. This isn't just logging — it's compliance-ready documentation that satisfies auditors.

Every action taken through the Security Configurator is automatically recorded in the audit log. Firewall rule changes, antivirus exclusion updates, encryption operations, Expert Mode sessions — everything gets a timestamped, structured record that's tamper-evident and searchable.

Complete Action Logging

📝 Every Action, Every Detail

Each audit log entry captures: timestamp (UTC), initiating user, action type, the exact command or configuration change, the result (success/failure), the previous state, and the new state. For Expert Mode sessions, every individual command within the session is logged separately with its own timestamp and output.

The logging is automatic and non-bypassable. There's no way to perform a security action through UAML without it being recorded. This design ensures that your audit trail is complete by construction, not by policy compliance. Even failed attempts are logged, providing visibility into unauthorized access attempts or configuration errors.

Export Formats

🌐 HTML Reports for IT Audit

Generate professional HTML reports that auditors can open in any browser. Reports include executive summary, detailed action log, risk assessment highlights, compliance checklist, and visual charts showing security posture over time. PDF export is available for archival.

📊 JSON for SIEM Integration

Export audit data as structured JSON for integration with your Security Information and Event Management (SIEM) system. Compatible with Splunk, Elasticsearch, Azure Sentinel, and any system that accepts JSON log ingestion. Supports both batch export and real-time streaming via webhook.

// Example: JSON audit log entry { "timestamp": "2026-03-14T10:15:03.456Z", "event_type": "firewall_rule_added", "user": "pavel", "session_id": "exp-2026-0314-a1b2", "action": { "type": "ufw_allow", "port": 8780, "protocol": "tcp", "source": "127.0.0.1", "direction": "incoming" }, "result": "success", "previous_state": "port 8780 blocked", "new_state": "port 8780 allowed from 127.0.0.1", "risk_level": "low", "host": "agent-host-01", "uaml_version": "1.0.0" }

Session History

The audit system maintains a complete history of all security sessions — both interactive (Expert Mode) and automated (scheduled scans, profile applications). Each session is a self-contained unit with a start time, end time, list of actions, and outcome summary. Sessions can be filtered by date range, user, action type, risk level, or result.

Full-text search across the entire audit history lets you quickly find specific events. "Show me all firewall changes in the last 30 days" or "Find all Expert Mode sessions by user admin" — queries return results in seconds, even across months of history.

Compliance Documentation

🏛️ ISO 27001

UAML audit reports map directly to ISO 27001 control objectives. Access control (A.9), cryptography (A.10), operations security (A.12), and communications security (A.13) are all covered with evidence from UAML's audit logs. The generated report includes control references, making it easy for auditors to verify compliance.

🇪🇺 GDPR

For organizations processing personal data, UAML provides GDPR-relevant audit trails: data access logs, encryption status verification, data processing records (Article 30), and breach notification support. If UAML memory contains personal data, the audit system tracks who accessed it and when.

Why It Matters

← Back to Security Configurator