Audit Log

Who did what,
without setting anything up.

Every organization gets an audit log out of the box: a curated, filterable record of each security and config change, with the actor — user or AI agent — and their IP, plus one-click CSV export. The zero-setup, flat-rate alternative to AWS CloudTrail.

Answering “who deleted that?” shouldn’t need Athena

CloudTrail is powerful but heavy: you configure trails, pay per event delivered, ship logs to an S3 bucket, and write Athena queries before you can see who changed what. koigrid gives every org an Audit Log the moment it exists. It’s a curated view of the platform event log — the same events that already record every mutation — filtered to the security and config changes that matter: members and roles, API tokens, resource create/delete, deploys and domains, DNS, firewall rules, spend limits and integrations. Each entry names the actor (a teammate or an API-token agent), the resource, the source IP and the time. Filter by category, action, actor or date in the dashboard or the API, and export to CSV for your compliance or SIEM. Reads never expose secrets, and only owners and admins can see it.

How koigrid compares

koigridAWS CloudTrail
SetupOn by defaultTrails + S3 + IAM
ActorUser or agent + IPIAM principal ARN
QueryFilters in UI/APIAthena / CloudTrail Lake
ExportCSV in one clickParse S3 objects yourself
PricingFlat (included)Per event + S3 + Athena
Lock-inNone (open API + CSV)AWS format + tooling

From public docs, 2026. v1: curated security/config changes with actor + IP + CSV. Retention policies and streaming to a SIEM are on the roadmap (today: Log Drains + Webhooks).

What you’d pay elsewhere

Org-wide audit trail with occasional exports

koigrid Audit Log

€0/mo

included in every plan, no setup

AWS CloudTrail

~$2+/mo/mo

per event + S3 storage + Athena scans to query

included & predictable

Prices are indicative; koigrid is flat-rate and EU-hosted.

An audit trail that’s ready the moment you are

Zero setup

No trails, no buckets, no IAM — every org has an audit log from the start.

Agent-native

API-token actions are attributed to the agent that made them, not just “an API call” — built for AI-operated infra.

Actor + IP

Each entry names the user or agent, the resource touched, the source IP and the exact time.

Powerful filters

Slice by category (members, tokens, security, billing…), action type, actor or date range.

CSV export

Download the filtered log as CSV — RFC-4180 and formula-injection-safe — for compliance or your SIEM.

Owner/admin only

Sensitive by design: only owners and admins can read it, and it never exposes secrets.