# Audit Logs **Sync Type: Incremental** ## Overview The Koi Audit Logs input fetches audit log events from the [Koi Security](https://koi.security) platform. It accesses the `/api/external/v2/audit-logs` endpoint and supports filtering by event type, covering activities across approval requests, devices, endpoints, browser extensions, and firewall events. ## Prerequisites 1. Log in to your Koi Security portal. 2. Navigate to your account or API settings and generate a **JWT Bearer token** with access to the external audit logs API. 3. Note the token — you'll need it during connector configuration. If your organization uses a self-hosted or custom Koi deployment, note the base URL of your instance as well. ## Configuration | Setting | Type | Required | Description | |---|---|---|---| | API Token | string (secret) | true | JWT Bearer token for authenticating with the Koi API | | Base URL | string | false | Base URL for the Koi API. Defaults to `https://api.prod.koi.security` | | Audit Log Types | array of strings | false | Filter logs by type. Leave empty to fetch all types. Valid values: `approval_requests`, `devices`, `endpoints`, `extensions`, `firewall` | | Backfill Start Time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | ## Related Articles - [Koi Security](https://koi.security) ## Sample Record ```json { "created_at": "2025-03-04T12:34:56Z", "type": "extensions", "message": "Extension VSCode version updated on device laptop-01", "action": "updated", "hostname": "user-laptop-ABC123" } ```