Helix Corporate

Audit Log

Track and monitor all actions and changes in your organization.

The Audit Log provides a complete record of all significant actions taken within your organization.

Why Audit Logs?

Audit logs help you:

  • Track changes: See who changed what and when
  • Investigate issues: Understand what happened leading up to a problem
  • Compliance: Maintain records for regulatory requirements
  • Security: Detect unauthorized or suspicious activity

Logged Events

The audit log captures various event types:

User Events

Event           Description
user_invited    A new user was invited to the organization
role_changed    A user's role was modified
user_disabled   A user's access was disabled

Policy Events

Event            Description
policy_created   A new policy was created
policy_updated   A policy was modified or published

Trip Events

Event            Description
trip_submitted   A trip request was submitted
trip_approved    A trip was approved
trip_rejected    A trip was rejected

Finance Events

Event               Description
cost_code_created   A new cost code was added
export_created      Data was exported

System Events

Event              Description
domain_verified    An email domain was verified
settings_updated   Organization settings were changed

Understanding Log Entries

Each log entry contains:

Field       Description
Event       The type of action that occurred
Category    Grouping for the event type
Actor       Who performed the action (email and role)
Resource    What was affected (type and ID)
Details     Additional context as JSON payload
Timestamp   When the action occurred

Reading Event Details

The Details column shows a JSON payload with event-specific information:

{
  "role": "travel_admin",
  "invited_email": "[email protected]",
  "invited_by": "[email protected]"
}

This helps you understand the full context of each action.

Filtering Logs

Use the search bar to find entries by:

  • Event type
  • Actor email
  • Resource type
  • Details content

Event Type Filter

Filter to specific event types:

  1. Click the Filter by event dropdown
  2. Select an event type
  3. The table updates to show only matching entries

Reading the Audit Log

Identifying Patterns

Look for:

  • Unusual timing: Actions outside business hours
  • Bulk changes: Many similar actions in sequence
  • Failed attempts: Repeated access issues
  • Policy changes: Who modified what and why

Investigating Issues

To investigate a specific incident:

  1. Note the approximate time of the issue
  2. Filter or search for relevant events
  3. Review the actor and details
  4. Trace the sequence of events

Common Investigations

"Who changed the policy?"

  1. Filter by policy_updated
  2. Find the relevant timestamp
  3. Check the actor email

"Why was this user disabled?"

  1. Search for the user's email
  2. Find the user_disabled event
  3. Check who performed the action

"What happened to this trip?"

  1. Search for the trip ID or traveler email
  2. Review all related events
  3. Check approval/rejection details

Audit Log Limits

  • Retention: Logs are kept for the duration of your subscription
  • Display: The most recent 100 entries are shown by default
  • Export: Contact support for full log exports

Best Practices

Regular Review

  • Weekly: Quick scan for unusual activity
  • Monthly: Review policy and role changes
  • Quarterly: Comprehensive security review

Access Control

  • Limit who can view audit logs
  • Audit log access is typically for Owners and Travel Admins
  • Consider who needs visibility for compliance

Documentation

When investigating:

  1. Note the relevant log entries
  2. Document your findings
  3. Take action if issues are found
  4. Record the resolution

Compliance

For regulated industries:

  • Know your log retention requirements
  • Establish regular review procedures
  • Document your audit review process
  • Export logs periodically for archival

Security Considerations

What to Watch For

  • Multiple role changes in quick succession
  • Disabled users being re-enabled
  • Policy changes without change notes
  • Actions from unexpected email addresses
  • Settings changes outside change windows
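
Three of the checks above, run over an exported log, as an added example that is not part of Helix's documentation or code. It assumes the export is one JSON object per line with the fields event, actor, resource, details and timestamp; the change_note key, the burst threshold and the change window are also assumptions, and the sample entries are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, time

# Constructed sample export, one JSON object per line. The field names and the
# "change_note" key are assumptions; only the event names come from the page.
SAMPLE_EXPORT = """\
{"event": "role_changed", "actor": "a@example.com", "resource": "user:101", "details": {"role": "travel_admin"}, "timestamp": "2024-03-04T10:00:00"}
{"event": "role_changed", "actor": "a@example.com", "resource": "user:102", "details": {"role": "travel_admin"}, "timestamp": "2024-03-04T10:02:00"}
{"event": "role_changed", "actor": "a@example.com", "resource": "user:103", "details": {"role": "owner"}, "timestamp": "2024-03-04T10:04:00"}
{"event": "policy_updated", "actor": "b@example.com", "resource": "policy:7", "details": {"change_note": "Raise hotel cap"}, "timestamp": "2024-03-04T11:00:00"}
{"event": "policy_updated", "actor": "a@example.com", "resource": "policy:7", "details": {}, "timestamp": "2024-03-04T11:30:00"}
{"event": "settings_updated", "actor": "b@example.com", "resource": "org:1", "details": {}, "timestamp": "2024-03-09T23:15:00"}
{"event": "role_changed", "actor": "b@example.com", "resource": "user:104", "details": {"role": "traveler"}, "timestamp": "2024-03-05T14:00:00"}
"""

BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)   # assumed thresholds
WINDOW_START, WINDOW_END = time(9, 0), time(17, 0)     # assumed change window, Mon-Fri

def parse(text):
    entries = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in entries:
        e["ts"] = datetime.fromisoformat(e["timestamp"])
    return sorted(entries, key=lambda e: e["ts"])

def find_suspicious(entries):
    findings = []
    role_times = defaultdict(list)
    for e in entries:
        if e["event"] == "role_changed":
            times = role_times[e["actor"]]
            times.append(e["ts"])
            # Keep only this actor's role changes inside the sliding window.
            while e["ts"] - times[0] > BURST_WINDOW:
                times.pop(0)
            if len(times) == BURST_COUNT:
                findings.append(("role_change_burst", e["actor"], e["timestamp"]))
        elif e["event"] == "policy_updated" and not e["details"].get("change_note"):
            findings.append(("policy_change_without_note", e["actor"], e["timestamp"]))
        elif e["event"] == "settings_updated":
            in_window = e["ts"].weekday() < 5 and WINDOW_START <= e["ts"].time() < WINDOW_END
            if not in_window:
                findings.append(("settings_change_outside_window", e["actor"], e["timestamp"]))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(parse(SAMPLE_EXPORT)):
        print(*finding, sep="\t")
```

Each finding is a starting point for the investigation steps on this page, not a verdict; tune the thresholds to your organization's normal activity.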

Responding to Issues

If you detect suspicious activity:

  1. Document what you found
  2. Disable any compromised accounts
  3. Review and revert unauthorized changes
  4. Contact your IT security team
  5. Report to Helix support if needed
