Activity Logs

Concept

Identify unusual patterns of tool usage, verify authorized access, and detect potential data exfiltration attempts.

Meet SOC 2 requirements, support internal security reviews, and enable incident investigation with complete audit trails.

Examine request payloads, review response errors, and trace the sequence of tool calls when issues arise.

Identify frequently used tools, track usage trends over time, and measure active users per endpoint.

What Gets Logged

Viewing Activity Logs

Head to your Agent Sentinel project and select Activity Logs from the sidebar.

Use the time range selector to filter logs. You can also adjust the timezone using the timezone dropdown.

Click Filter to apply additional filters:

• Endpoint: Filter by specific MCP endpoint
• Tool: Filter by specific tool
• User: Filter by specific user
• Server: Filter by specific MCP server

Click on any log entry to expand it and view the full details:

• Request: The JSON payload sent to the tool
• Response: The JSON response returned by the tool

FAQ

Yes, activity logs can be exported for external analysis or long-term storage. Enterprise plans include log streaming to external SIEM systems.

Hanzo KMS supports PII filtering to automatically detect and mask sensitive data in request and response payloads. When enabled on an MCP endpoint, the following PII types can be redacted:

• Email addresses → [REDACTED_EMAIL]
• Phone numbers → [REDACTED_PHONE]
• Social Security Numbers → [REDACTED_SSN]
• Credit card numbers → [REDACTED_CREDIT_CARD]
• IP addresses (IPv4 and IPv6) → [REDACTED_IP]

You can configure PII filtering separately for requests and responses, and select which PII types to detect. See MCP Endpoints - PII Filtering for configuration details.

Yes, all tool invocations are logged regardless of success or failure. Failed invocations include error details in the response payload.