EasyWarrant

Audit Logging

Tamper-evident, agency-owned audit trail for all CJI access and system events.

Overview

EasyWarrant maintains a full audit trail of all access to CJI, all system events, and all warrant lifecycle events. The audit log is agency property — Brigade Management maintains the infrastructure but agencies control and own their logs.

What Is Logged

| Event Category | Events Captured |
|---|---|
| Authentication | Login, logout, MFA success/failure, session timeout, reauthentication |
| Warrant Lifecycle | Created, submitted, queued, reviewed, approved, rejected, sealed, expired |
| Document Access | Upload, download, view, decrypt, encrypt, delete |
| Video Session | Session initiated, connected, disconnected, terminated, timed out |
| E-Signature | Signature requested, applied, verified, timestamped |
| Key Management | Key access, rotation, revocation — all CMK operations |
| Admin Actions | User created, modified, deactivated; policy changes; export requests |
| System Events | Service start/stop, configuration changes, error conditions |

Log Entry Structure

Every audit log entry includes:

  • Timestamp: ISO 8601 UTC with millisecond precision
  • Actor: User ID, role, agency ID
  • Action: Structured event type code
  • Resource: Warrant ID, document ID, session ID as applicable
  • Outcome: Success, failure, or partial
  • IP Address: Source IP of the request
  • Hash: SHA-256 hash of the previous log entry (tamper-evident chain)

{
  "id": "evt_01J8XK2M4N5P6Q7R8S9T0U1V2",
  "timestamp": "2026-03-24T14:32:07.841Z",
  "actor": {
    "userId": "usr_officer_abc123",
    "role": "officer",
    "agencyId": "agency_sheriff_county"
  },
  "action": "warrant.submitted",
  "resource": {
    "warrantId": "wrnt_2026-0847",
    "documentHash": "sha256:a3f8c2..."
  },
  "outcome": "success",
  "sourceIp": "redacted",
  "prevHash": "sha256:7d4e91..."
}

Tamper-Evidence

The audit log uses a hash chain — each entry includes the SHA-256 hash of the previous entry. Any modification to a historical entry breaks the chain and is detectable. The chain root is signed with an agency-controlled key stored in Azure Key Vault.
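The chain check described above can be run over an exported log, as in this added example (not EasyWarrant's own code). The canonical JSON encoding, the all-zero `GENESIS` value, the helper names and the `trusted_head` parameter are assumptions; `trusted_head` stands in for a hash the agency obtained through a trusted channel, such as the signed chain value.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed prevHash of the very first entry


def entry_hash(entry):
    """SHA-256 over a canonical JSON encoding (assumed: sorted keys, compact)."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return "sha256:" + hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_chain(events):
    """Link events so each entry carries the hash of the entry before it."""
    chain, prev = [], GENESIS
    for event in events:
        entry = dict(event, prevHash=prev)
        chain.append(entry)
        prev = entry_hash(entry)
    return chain


def verify_chain(entries, trusted_head=None):
    """Return (ok, detail): detail is the index of the first entry whose
    prevHash does not match its predecessor, "head" if the final hash differs
    from the trusted value, or None when everything verifies."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        if entry.get("prevHash") != prev:
            return False, i
        prev = entry_hash(entry)
    if trusted_head is not None and prev != trusted_head:
        return False, "head"
    return True, None


# Constructed sample events (not real log data).
SAMPLE = build_chain([
    {"id": "evt_1", "timestamp": "2026-03-24T14:32:07.841Z", "action": "warrant.created", "outcome": "success"},
    {"id": "evt_2", "timestamp": "2026-03-24T14:33:10.002Z", "action": "warrant.submitted", "outcome": "success"},
    {"id": "evt_3", "timestamp": "2026-03-24T14:40:55.317Z", "action": "warrant.approved", "outcome": "success"},
])
HEAD = entry_hash(SAMPLE[-1])  # value to compare against the trusted anchor
```

Without a trusted head value, a change to the newest entry, a truncated tail, or a log whose hashes were all recomputed after an edit still passes the link check, which is why the signed chain value matters when reviewing an export.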

Agency Ownership and Export

Audit logs are agency property. Brigade Management cannot delete or modify agency audit logs. Agencies may:

  • Export their complete audit log at any time from the admin dashboard
  • Request a signed export with chain verification certificate
  • Configure automated export to agency-controlled storage
  • Set log retention policy per agency requirements

CJIS Audit Requirement

CJIS Security Policy v6.0 AU controls require a full access audit trail that is available for review during CJIS audits. The tamper-evident export satisfies this requirement. Agencies should retain exports per their state retention schedule.