GRGrim Ringrimlabs.hashnode.dev·Mar 29 · 6 min readWhy We Open-Sourced Our Audit Logging Instead of Using SplunkThe quote from Splunk came in at $96,000 per year. For audit logging. Our CTO read the email, looked at me and said "we can build this." And for once, he was right. Sort of. The Enterprise Pricing Problem If you've ever priced enterprise logging solu...00
GRGrim Ringrimlabs.hashnode.dev·Mar 29 · 6 min read5 Things That Will Fail Your SOC 2 Audit (That Nobody Warns You About)We passed our SOC 2 Type II audit on the second attempt. The first attempt, we failed. And the things that tripped us up were not the things any blog post had warned us about. Everyone writes about "implement access controls" and "encrypt data at res...00
GRGrim Ringrimlabs.hashnode.dev·Mar 29 · 6 min readOur Auditor Asked How We Prove Logs ArenWe were 4 months into our SOC 2 audit when the auditor asked a question that stopped us cold: "How do you prove that your audit logs haven't been modified after the fact?" We looked at each other. Our audit logs were in a PostgreSQL table. Anyone wit...00
GRGrim Ringrimlabs.hashnode.dev·Mar 29 · 6 min readMulti-Tenant Audit Logging: The Architecture Mistakes We MadeWe shipped our SaaS product with a single audit_logs table that had a tenant_id column. Seemed fine. Every query filtered by tenant_id. We had an index on it. Done. Then a customer's admin found another customer's audit events in their activity feed....00
GRGrim Ringrimlabs.hashnode.dev·Mar 29 · 6 min readApplication Logs Are Not Audit Logs. I Learned This the Hard Way.When our auditor asked to see our audit logs, i pulled up Kibana and showed him our ELK stack. Beautiful dashboards. Millions of log entries. Full request/response logging. Structured JSON. The works. He looked at it for about 30 seconds and said, "T...00
