Who did what,
without setting anything up.
Every organization gets an audit log out of the box: a curated, filterable record of each security and config change, with the actor — user or AI agent — and their IP, plus one-click CSV export. The zero-setup, flat-rate alternative to AWS CloudTrail.
Answering “who deleted that?” shouldn’t need Athena
CloudTrail is powerful but heavy: you configure trails, pay per event delivered, ship logs to an S3 bucket, and write Athena queries before you can see who changed what. koigrid gives every org an Audit Log the moment it exists. It’s a curated view of the platform event log — the same events that already record every mutation — filtered to the security and config changes that matter: members and roles, API tokens, resource create/delete, deploys and domains, DNS, firewall rules, spend limits and integrations. Each entry names the actor (a teammate or an API-token agent), the resource, the source IP and the time. Filter by category, action, actor or date in the dashboard or the API, and export to CSV for your compliance or SIEM. Reads never expose secrets, and only owners and admins can see it.
How koigrid compares
| koigrid | AWS CloudTrail | |
|---|---|---|
| Setup | On by default | Trails + S3 + IAM |
| Actor | User or agent + IP | IAM principal ARN |
| Query | Filters in UI/API | Athena / CloudTrail Lake |
| Export | CSV in one click | Parse S3 objects yourself |
| Pricing | Flat (included) | Per event + S3 + Athena |
| Lock-in | None (open API + CSV) | AWS format + tooling |
From public docs, 2026. v1: curated security/config changes with actor + IP + CSV. Retention policies and streaming to a SIEM are on the roadmap (today: Log Drains + Webhooks).
What you’d pay elsewhere
Org-wide audit trail with occasional exports
koigrid Audit Log
€0/mo
included in every plan, no setup
AWS CloudTrail
~$2+/mo/mo
per event + S3 storage + Athena scans to query
included & predictable
Prices are indicative; koigrid is flat-rate and EU-hosted.
An audit trail that’s ready the moment you are
Zero setup
No trails, no buckets, no IAM — every org has an audit log from the start.
Agent-native
API-token actions are attributed to the agent that made them, not just “an API call” — built for AI-operated infra.
Actor + IP
Each entry names the user or agent, the resource touched, the source IP and the exact time.
Powerful filters
Slice by category (members, tokens, security, billing…), action type, actor or date range.
CSV export
Download the filtered log as CSV — RFC-4180 and formula-injection-safe — for compliance or your SIEM.
Owner/admin only
Sensitive by design: only owners and admins can read it, and it never exposes secrets.