BLACKSHIELD

Public Guide

How BlackShield Produces Audit-Ready Evidence

BlackShield gives authorized users a concrete audit workflow: filter events by action, actor, and time range, then export CSV or JSON evidence while recording the export itself in the audit trail. Audience: Security admins, compliance teams, auditors, and buyers validating accountability. Typical setup time: 10-15 minutes.

Before You Begin

  • Confirm the reviewer has audit log read and export permissions.
  • Prepare the case ID or audit ticket ID that the evidence must tie back to.
  • Have the exact action, actor, and time window you need before exporting.

Step-by-step

Step 1

Use the built-in audit filters first

The point of the audit screen is to answer a question with filters, not dump unbounded history.

  • BlackShield lets you filter by action, actor user ID, start time, end time, and result limit in `/audit`.
  • Read access and export access are permissioned separately, so not every reader can pull evidence packages.
  • Keep the case or audit ID with the export so the evidence stays traceable after download.

Step 2

Export the exact evidence package you need

BlackShield already supports both human-readable and machine-readable export formats.

  • Use CSV when the reviewer wants spreadsheet analysis or a lighter-weight audit packet.
  • Use JSON when the evidence is going into automation, archival, or another system.
  • Set an explicit time range so the export can be defended later without re-explaining scope.

Step 3

Use the audit trail to prove the evidence path itself

In BlackShield, evidence access is not invisible.

  • BlackShield records audit access queries and audit exports as audit events.
  • Use that record to show who pulled the evidence, which filters were used, and how many rows were exported.
  • Store the export timestamp and destination with the rest of the case record.

Success Checks

  • The evidence package shows the exact time range, actor scope, and action filters used.
  • The review can show that audit access and export activity was itself recorded by BlackShield.
How BlackShield Produces Audit-Ready Evidence | BlackShield Docs