GOVERN · AUDIT & ACCOUNTABILITY
Every action on the record. Every record provable.
Sentinel records every operator action — every search, export, and override — into an audit trail you can filter in milliseconds and prove was never altered. Accountability is what makes powerful capability safe to deploy.
Click to enlargeLive counters per category, sub-100ms filtering, anchor status in one screen.
See the whole operation at a glance — and drill in instantly.
One screen shows live action counters per category — each a one-click filter into the underlying records — with combined filtering by operator, action, resource, and time range, staying under 100 ms across a million-plus rows.
- Live counters per category, each a one-click filter into the detail
- Filter by operator, action, resource, and time range — combined
- Sub-100ms at a million-plus rows; no spinner, no slow aggregate scan
- Per-resource views built in: open any person, camera, case, or subject request and see its complete action history in place
Click to enlargeFilter to a single operator's actions in milliseconds.
Prove nothing was changed after the fact.
Sentinel hashes audit records into a tamper-evident chain and anchors a fresh root hourly to write-once storage — anyone can recompute the chain from the records alone and confirm nothing was changed.
- Audit records hashed into a continuous, tamper-evident chain
- Hourly chain root anchored to write-once (WORM) storage
- Independently recomputable — verification needs the records, not access to our systems
- Evidence-pack and subject-access bundle hashes anchored into the same chain, tying exported material back to a provable point in time
Recompute the chain yourself — you need the records, not us.
More in Accountability
The complete picture of what happened and how.
Operator session capture & replay
For the highest-assurance deployments, Sentinel can capture an operator's full shift and play it back on a scrubber — every page viewed, every export, every edit in sequence. Enabled per organization; operators always see when capture is on.
Audit anomaly surfacing
Sentinel reads its own audit trail for off-hours activity, bulk-export spikes, and person-record access outside an operator's norm — and surfaces the findings in the daily Briefing while the behavior is still recent enough to ask about.
Reason-required reads
When enabled, opening a person profile or running a search prompts the operator for a recorded justification — stored on the audit entry. The accountability record already carries the reason when a reviewer arrives.
How it works
From action to provable record.
Record
Every write across the platform routes through one central audit recorder. Actor, time, resource, IP, device, outcome — captured the moment it happens, in a single structured trail, not scattered logs.
Roll up
The dashboard reads pre-computed daily roll-ups and indexed queries, never a slow aggregate over the live table — which is how filtering across a million-plus rows stays under 100 milliseconds.
Anchor
Every hour, the audit records are hashed into a tamper-evident chain and a fresh chain root is written to write-once storage. Exported evidence and subject-access bundles are anchored into the same chain.
Verify & Review
Recompute the chain from the records to prove nothing changed, replay a full operator session for after-action review, and let the daily Briefing surface anything anomalous before it becomes a problem.
Under the hood
Specifications.
| Coverage | Every Sentinel write endpoint — searches, exports, watchlist/person edits, overrides, dismissals, sensitive-record access |
| Per-entry fields | Actor, timestamp, action, resource type + ID, originating IP, device/user-agent, success/failure, error reason |
| Resource types | Person, watchlist entry, camera, event, case, DPIA, subject-access request, breach, litigation hold, sign-in/SSO, and more |
| Dashboard performance | Pre-computed daily roll-up tables + raw indexed SQL; no COUNT(*) over large tables — sub-100ms filtering at 1M+ audit rows |
| Filtering | Per-operator, per-action, per-resource, per-time-range — combinable; per-resource history surfaced in each detail page |
| Tamper-evidence | Audit records hashed into a continuous chain (merkle-style); hourly chain root anchored to write-once (WORM) storage |
| Independent verification | Chain recomputable from the records alone — no access to vendor systems required to verify integrity |
| Bundle anchoring | Evidence-pack and subject-access export hashes (SHA-256) written into the same audit chain |
| Session capture | Full-shift capture of page views, key actions, edits, exports, dismissals; scrubber replay per operator; enabled per organization; visible to the operator |
| Reason-required reads | Optional per-org: free-text + selectable justification recorded on the audit entry when opening profiles or running searches |
| Anomaly surfacing | Off-hours and bulk-export patterns detected from the audit trail and pushed into the daily Briefing |
| Data minimization | Secrets stripped and identifiers handled carefully inside audit payloads so the log itself is not a second exposure |
| Deployment | Identical behavior in cloud, on-premise, and air-gapped — accountability does not depend on where you host |
Every capability above maps to a shipped platform feature. Anomaly surfacing is pattern-based, not a black-box model — findings are deterministic and explainable.
Govern, continued
Accountability works with the rest of Govern.
Evidence & Chain of Custody
Export any event as a sealed pack — per-file and bundle hashes, full audit trail, operator signature inside. The same chain that proves the audit log proves the evidence.
Learn moreSecurity & Identity
SAML 2.0, OIDC, SCIM provisioning, WebAuthn / FIDO2 passkeys, role-based access, and per-organization session policy. The front door that decides who can act; the audit trail records what they did.
Learn moreBriefing Mode
The auto-generated intelligence brief at every shift start — the headline, what changed overnight, the day's top actions, and the audit anomalies worth a closer look.
Learn moreSee accountability prove itself.
Request demo access and we’ll walk it end to end on live data — filter the audit dashboard down to a single operator’s actions, recompute the tamper-evident chain to confirm nothing was changed, and replay a full shift action by action.