Docs/Controls/AGENT_AUDIT_LOGGING

AGENT_AUDIT_LOGGING

Verify AI agent actions produce immutable audit logs with full provenance chains.

Framework Mappings

AIUC-1 E005 — LoggingSOC 2 CC7.2 — Logging & MonitoringOWASP Agentic ASI10 — Rogue Agents

Claude CodeLangChainCrewAIAutoGenMCP

RequiredWeight: 0.3

Pass:Middleware captures all agent actions, tool calls, model invocations

Fail:No logging middleware

RequiredWeight: 0.25

Pass:All required fields: action, agent identity, inputs, outputs, tools, timestamps

Partial:Some fields missing but basic logging present

Fail:Minimal or no structured schema

Weight: 0.25

Pass:Append-only/write-once storage (S3 Object Lock, CloudWatch Logs)

Partial:Centralized but not immutable

Fail:Local mutable logs

Weight: 0.2

Pass:Full provenance with correlation IDs and trace/span linking

Partial:Basic logging without correlation

Fail:No provenance tracking

Connect your repos and Brigs evaluates AGENT_AUDIT_LOGGING across all your agent configurations.