Audit Logging
Audit logging
Hal records every action it takes against every tenant — every API call, every report sent, every alert fired, every admin login. The records are retained for the windows most cyber-insurance carriers ask for in their renewal questionnaires.
What’s recorded:
- Every Microsoft 365 / Google Workspace ingest cycle (per tenant, per content type)
- Every alert fired (with the source events and the remediation served)
- Every report generated and where it was delivered
- Every admin action in the Hal portal
Tenant prerequisites: the customer’s tenant must have audit logging enabled before Hal can pull from it. See the Audit Logging Prerequisites doc for what to enable and how to verify.
Marketing detail page coming soon.