On this page
📝 Audit Log Observation Template
Workshop 1 — Exercise 2, Step 6
Record your audit log observations below. This serves as compliance evidence showing identity-to-action mapping within the trust boundary.
Audit Log Entries
| # | Who (Identity) | What (Action) | When (Timestamp) | Where (Repo/Branch) | Result | Evidence Notes |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | ||||||
| 3 | ||||||
| 4 | ||||||
| 5 | ||||||
| 6 |
Expected Actions to Find
During Exercise 2, you performed several actions. Find each one in the audit log:
- Secret access attempt — TestUser2 tried to add a repository secret (access denied)
- Fork attempt — EMU user tried to fork (blocked)
- Direct push to main — Push was rejected by branch protection
- Feature branch push — Push succeeded to feature branch
- Pull request created — PR opened from feature branch
- PR review status — Merge blocked until review received
Reflection
After reviewing the audit log:
- Who performed the most actions? _____
- Were any unexpected actions recorded? _____
- How would you use this data for a compliance audit? _____
- How long are audit logs retained in your enterprise? _____