Logs

Yes, all critical security events in our production environment are comprehensively logged and monitored. This includes:

• Authentication Events: All user authentication attempts, both successful and failed, are logged via Google Cloud Audit Logs and our integrated identity access management tools.

• SSH Sessions: SSH access to production systems is tightly restricted and rarely used. When required, all SSH access is logged, and session activity (including commands executed) is recorded using GCP’s logging infrastructure.

• Privilege Elevations: Any privilege elevation, such as use of sudo or changes to IAM roles and permissions, is automatically tracked through Cloud Audit Logs, ensuring full traceability of administrative actions.

• Log Access Control: Access to production logs is strictly limited to a small number of authorized personnel. Role-based access controls (RBAC) in GCP ensure that only relevant team members with a legitimate operational need can view or query sensitive logs. All access to logs is itself auditable and monitored.

Logs are securely stored, timestamped, and retained according to our internal policy. They are regularly reviewed and used for security monitoring, incident response, and compliance verification. Anomalies and suspicious events are flagged through our observability stack, which includes Atatus, Cloudflare, and GCP-native monitoring tools.