Skip to content

Feature: Tamper-evident audit log export (JSON-LD / PDF / SIEM formats) #2

Description

@cdzzy

Problem

traceshield's hash-chain provides tamper detection, but compliance teams need to export audit logs in formats that external auditors and SIEM systems can consume. Without standardized export, it's hard to pass SOC 2 Type II audits.

Proposed Solution: Compliance Export API

const exporter = new TraceShieldExporter(recorder)

// Export for SOC 2 Type II audit
const soc2Report = await exporter.export({
  format: "soc2-json",
  period: { from: new Date("2026-01-01"), to: new Date("2026-03-31") },
  includeIntegrityProof: true,  // Include hash-chain verification
})

// Export to SIEM (Splunk/Datadog format)
const siemLogs = await exporter.export({
  format: "siem-cef",  // Common Event Format
  streaming: true,
  outputPath: "/audit-logs/q1-2026.cef"
})

// Verify integrity of exported log file
const verification = await exporter.verifyExport("audit-2026-q1.json")
console.log(verification.integrityValid)  // true/false

Standard Formats to Support

  • JSON-LD: Machine-readable, W3C Provenance standard
  • CEF (Common Event Format): Splunk, ArcSight, IBM QRadar
  • PDF: Human-readable compliance reports

Why This Matters

Without export, compliance teams cannot share audit evidence with external auditors.
This is the gap between "we have audit logs" and "we passed SOC 2 Type II".

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions