Comprehensive audit logging with tamper-proof storage, real-time streaming to SIEM systems, and compliance-ready event tracking for authentication, user management, and administrative activities.
Corbado provides comprehensive audit logging capabilities designed to meet your organization’s compliance and security requirements. Our audit logging system captures and securely stores all critical events across the authentication infrastructure, providing complete visibility into user activities, administrative actions, and system operations.Key features of Corbado’s audit logging include:
Complete Event Coverage: Audit logs are automatically generated for all relevant event types, including authentication events, user management operations, and administrative changes
Compliance-Ready: Designed to align with major compliance frameworks (e.g. ISO 27001 and SOC 2)
Tamper-Proof Storage: All audit logs are stored using Write-Once-Read-Many (WORM) technology, ensuring data integrity and preventing unauthorized modifications
Long-Term Retention: Audit logs are retained for up to 10 years, depending on your requirements
Real-Time Streaming: Stream audit log events to external systems like SIEM platforms for real-time monitoring and analysis
This audit logging system provides the foundation for maintaining security oversight, meeting regulatory requirements, and supporting forensic investigations when needed.
Audit logs can be customized for Enterprise Plus customers with private cloud deployments to support extended information requirements, such as HIPAA compliance data or financial transaction details when using passkeys for payment authentication.
Corbado captures audit log events from different operational areas to provide comprehensive visibility into the authentication infrastructure.The audit log covers the following event categories:
Authentication Events: User login attempts, passkey operations, among others
User Management Events: User creation, updates, status changes, plus additional user-related activities
Administrative Events: Configuration changes like Gradual Rollout rule updates, and similar operations
Each event includes detailed metadata such as timestamps, user identifiers, and contextual information for full traceability.
Authentication events are logged for all user interactions across your entire authentication infrastructure. This includes both end-users of your application using Corbado Connect and administrative users accessing the Corbado Management Console. All authentication attempts, whether successful or failed, are captured with full context to ensure complete audit coverage and support security investigations.
All audit log events can be streamed in real-time to external systems for monitoring, analysis, and compliance purposes. Our streaming implementation includes robust retry logic to ensure reliable delivery of audit events.This capability is particularly useful for feeding audit log events into your SIEM (Security Information and Event Management) system for centralized security monitoring and alerting.