get_audit_log
Retrieve audit log entries from PolicyGuard to monitor compliance, investigate policy violations, and track administrative actions with customizable filters.
Instructions
Retrieve audit log entries for compliance and investigation.
The audit log records all action validations, policy violations, and administrative actions performed through Guardian Agent.
Args: agent_id: Filter by specific agent ID (optional) action_type: Filter by action type like "tool_call", "resource_access" (optional) time_range: Time range to query - "1h", "24h", "7d", "30d" (default: "24h") status: Filter by status - "allowed", "denied", or "" for all (optional) limit: Maximum number of entries to return (default: 100)
Returns: JSON string with: - entries: Array of audit log entries - count: Number of entries returned - total: Total entries matching filter (before limit) - time_range: The time range used - filters_applied: Summary of filters used
Example: # Get all denied actions in the last hour get_audit_log(time_range="1h", status="denied")
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| agent_id | No | ||
| action_type | No | ||
| time_range | No | 24h | |
| status | No | ||
| limit | No |