
Logging Systems

The Escape platform provides three distinct logging systems: Audit Logs for platform-wide user actions, Activity Logs for resource-specific changes, and Scan Logs for detailed execution traces.

Audit Logs

Audit Logs are an Enterprise feature that maintains comprehensive records of all user actions performed within the Escape platform. These logs are essential for security compliance, accountability, and forensic analysis.

Access: Organization section of the platform

What is logged: Authentication events, configuration changes, resource management, and access control events (user logins, Application Profile modifications, permission changes, API key generation, etc.)

Log structure: Each entry contains timestamp, user, action type, resource, outcome, IP address, and user agent.

[2024-11-10 14:32:18 UTC] User 'alice@example.com' updated Application Profile 'Production API' (ID: app_abc123). Source IP: 203.0.113.42. Status: SUCCESS

Key capabilities:

  • Filter by date range, user, action type, resource, or outcome
  • Export in CSV, JSON, or PDF formats
  • Configurable retention (default: 365 days)
  • Meets compliance requirements (GDPR, SOC 2, ISO 27001, PCI-DSS, HIPAA)

Activity Logs

Activity Logs provide a chronological record of all changes and interactions for individual Assets and Issues, enabling teams to track progress and maintain context.

Access: Asset detail page and Issue detail page

For Assets: Status changes, ownership assignments, tag modifications, comments, and security events (new vulnerabilities, remediation progress)

[2024-11-10 09:15:22] Asset status changed from "Active" to "Under Review" by john.doe@example.com
[2024-11-10 09:16:45] Tag "critical-infrastructure" added by john.doe@example.com
[2024-11-10 10:32:11] Comment added: "Scheduling maintenance window for remediation"

For Issues: Status transitions, priority adjustments, assignments, comments, file attachments, external ticket linking (Jira, ServiceNow, Linear), and remediation evidence

[2024-11-10 11:20:33] Issue status changed from "Open" to "In Progress" by security-team@example.com
[2024-11-10 11:22:15] Comment added: "Patch scheduled for deployment on 2024-11-15"
[2024-11-10 14:45:00] File attached: remediation-plan.pdf
[2024-11-10 16:30:22] Linked to Jira ticket: SEC-1234

Key capabilities: Chronological display, comment threads, ownership tracking, compliance audit trail


Scan Logs

Scan Logs provide comprehensive execution traces for each security scan, capturing all technical details including requests sent, actions taken, and penetration testing attempts.

Access: Scan detail page within each Application Profile

Log stages: Initialization, Discovery, Crawling, Authentication, Fuzzing, Exploitation, and Agentic Reasoning

Log levels: Debug, Info, Warning, Error, Success

Log format: Standard software logging format with timestamp, level, stage, and message

[2024-11-10 12:45:32.123] [INFO] [Crawling] Navigating to https://api.example.com/v1/users
[2024-11-10 12:45:32.456] [DEBUG] [Crawling] Request headers: {"Authorization": "[REDACTED]"}
[2024-11-10 12:45:33.234] [WARNING] [Fuzzing] Rate limit detected, implementing backoff strategy
[2024-11-10 12:45:34.567] [ERROR] [Exploitation] Authentication bypass attempt failed
[2024-11-10 12:45:35.890] [INFO] [Agentic Reasoning] LLM Decision: Attempting alternative injection vector

Filtering options: By log level, stage, keyword, or timestamp

What is logged: HTTP traffic (headers, payloads, response codes), browser actions (navigation, interactions), security testing (vulnerability detection, payloads), agentic operations (LLM decisions, tool calls), and performance metrics

Main use cases:

  • Troubleshooting authentication failures and scan issues
  • Analyzing false positives
  • Understanding agentic decision-making
  • Performance optimization
  • Support collaboration

Log Level Selection

Use Info level for routine monitoring. Enable Debug level when troubleshooting or working with Escape support.

Sensitive Data

Authentication credentials and API keys are automatically redacted, but response bodies may contain sensitive information.
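
Because response bodies are not covered by the automatic redaction, an exported Scan Log is worth a second pass before it leaves the team. The following Python is an added example, not Escape's code: it assumes the export is plain text in the line format shown above, and the function names, the detection patterns, and the response-body entry in the sample are constructed for illustration.

```python
import re

# Entry header as shown in the page's Scan Logs samples:
# [timestamp] [LEVEL] [Stage] message
HEADER = re.compile(r"^\[([^\]]+)\] \[([A-Z]+)\] \[([^\]]+)\] ")

# Heuristic patterns (assumptions, not Escape's redaction rules) for data
# that can remain in logged response bodies. Order matters: tokens first.
PATTERNS = [
    ("jwt", re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+"), "[REDACTED]"),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "[REDACTED]"),
    ("secret_field", re.compile(
        r'("(?:password|token|secret|api_key)"\s*:\s*")(?!\[REDACTED\])[^"]+'),
     r"\1[REDACTED]"),
]

def scrub(line):
    """Mask likely-sensitive values; return (clean_line, [pattern names hit])."""
    hits = []
    for name, pattern, repl in PATTERNS:
        line, count = pattern.subn(repl, line)
        if count:
            hits.append(name)
    return line, hits

def scrub_export(text, levels=None, stages=None):
    """Filter entries by level/stage, then scrub what is kept.

    Returns (kept_lines, findings), findings being (line_number, hits).
    A line without a header continues the previous entry (multi-line body)
    and inherits that entry's keep/drop decision.
    """
    kept, findings, keep = [], [], False
    for number, raw in enumerate(text.splitlines(), 1):
        header = HEADER.match(raw)
        if header:
            _, level, stage = header.groups()
            keep = ((not levels or level in levels)
                    and (not stages or stage in stages))
        if not keep:
            continue
        clean, hits = scrub(raw)
        if hits:
            findings.append((number, hits))
        kept.append(clean)
    return kept, findings

# Constructed sample: entries 1 and 3 follow the page, entry 2 is invented.
SAMPLE = """\
[2024-11-10 12:45:32.456] [DEBUG] [Crawling] Request headers: {"Authorization": "[REDACTED]"}
[2024-11-10 12:45:32.789] [DEBUG] [Crawling] Response 200 body: {"email": "carol@example.com",
 "token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl"}
[2024-11-10 12:45:33.234] [WARNING] [Fuzzing] Rate limit detected, implementing backoff strategy
"""
```

The findings list gives the line numbers to review by hand; pattern matching of this kind catches common shapes only and does not replace reading Debug-level output before sharing it.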


Best Practices

Audit Logs: Review periodically for suspicious activities, restrict access to authorized personnel, configure retention per compliance requirements, establish alerts for critical events

Activity Logs: Document actions in comments, keep statuses current, preserve historical context for knowledge transfer

Scan Logs: Enable Debug level for troubleshooting, review for performance optimization, analyze for false positives, export when working with Escape support

Enterprise Support

Contact Escape support for guidance on log configuration, retention policies, and compliance requirements.