
Audit Trail — nat ai audit-trail

Quick use:

nat ai audit-trail --scan-id scan_001

What it does

nat ai audit-trail generates a BGSTM 6-phase evidence map for a completed scan. It documents every step of the testing process with timestamps, artifacts, and AI-generated summaries — giving auditors a complete, traceable record of how the scan was conducted and what was found.


The 6 phases

Phase | What it captures
1 — Plan | Test plan generation: spec used, endpoint count, priority ranking rationale, AI model used
2 — Generate | Test case generation: number of cases generated, coverage by endpoint and attack type
3 — Prepare | Environment setup: target URL, auth config, scan parameters, tool versions
4 — Execute | Scan execution: start/end timestamps, requests sent, errors, retries
5 — Analyze | Finding analysis: AI explanations generated, severity classifications, deduplication
6 — Report | Outputs produced: report files, exports triggered, compliance reports generated

Command options

Flag | Description | Default
--scan-id | The scan to generate a trail for (positional arg) | Required
--output | Output file path | stdout
--format | Output format: json, pdf, markdown | markdown

Example output

{
  "audit_trail_id": "trail_scan_001",
  "scan_id": "scan_001",
  "generated_at": "2024-01-15T12:00:00Z",
  "phases": [
    {
      "phase": 1,
      "name": "Plan",
      "timestamp": "2024-01-15T10:00:00Z",
      "evidence": {
        "spec": "openapi.yaml (sha256: abc123)",
        "endpoints_discovered": 42,
        "plan_id": "plan_20240115_001",
        "ai_model": "gpt-4o"
      }
    },
    {
      "phase": 2,
      "name": "Generate",
      "timestamp": "2024-01-15T10:02:00Z",
      "evidence": {
        "test_cases_generated": 187,
        "coverage": "42/42 endpoints",
        "attack_types": ["BOLA", "injection", "auth-bypass", "rate-limiting"]
      }
    },
    {
      "phase": 3,
      "name": "Prepare",
      "timestamp": "2024-01-15T10:05:00Z",
      "evidence": {
        "target_url": "https://api.example.com",
        "auth_type": "bearer",
        "concurrency": 10,
        "nat_version": "2.1.0"
      }
    },
    {
      "phase": 4,
      "name": "Execute",
      "timestamp": "2024-01-15T10:05:00Z",
      "duration_seconds": 834,
      "evidence": {
        "requests_sent": 1423,
        "errors": 2,
        "retries": 5
      }
    },
    {
      "phase": 5,
      "name": "Analyze",
      "timestamp": "2024-01-15T10:19:00Z",
      "evidence": {
        "findings": 7,
        "critical": 1,
        "high": 2,
        "medium": 3,
        "low": 1,
        "ai_explanations_generated": 7
      }
    },
    {
      "phase": 6,
      "name": "Report",
      "timestamp": "2024-01-15T10:20:00Z",
      "evidence": {
        "reports_generated": ["scan_001.html", "scan_001.json"],
        "exports": ["github-issues: 3 issues created"],
        "compliance_reports": ["owasp_scan_001.pdf"]
      }
    }
  ]
}
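
A consistency check a reviewer can run over the JSON form of a trail before accepting it as evidence. This is an added example, not part of nat or its documentation; it assumes real output uses the field names shown in the example output above and that each timestamp marks the start of its phase.

```python
import json
from datetime import datetime, timedelta

PHASES = ["Plan", "Generate", "Prepare", "Execute", "Analyze", "Report"]
SEVERITIES = ("critical", "high", "medium", "low")

def parse_ts(value):
    # datetime.fromisoformat() rejects a trailing "Z" before Python 3.11
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_trail(trail):
    """Return a list of inconsistencies; an empty list means none were found."""
    problems = []
    phases = trail.get("phases", [])
    shaped = "generated_at" in trail and all("timestamp" in p for p in phases)
    if not shaped or [p.get("name") for p in phases] != PHASES:
        return ["expected generated_at and six timestamped phases, Plan..Report"]
    times = [parse_ts(p["timestamp"]) for p in phases]
    for name, earlier, later in zip(PHASES[1:], times, times[1:]):
        if later < earlier:
            problems.append(f"{name} is timestamped before the previous phase")
    if times[-1] > parse_ts(trail["generated_at"]):
        problems.append("Report phase is later than generated_at")
    # Assumption: Execute start + duration_seconds must not pass the Analyze start
    end = times[3] + timedelta(seconds=phases[3].get("duration_seconds", 0))
    if end > times[4]:
        problems.append("Execute duration overlaps the Analyze phase")
    ev = phases[4].get("evidence", {})
    if sum(ev.get(s, 0) for s in SEVERITIES) != ev.get("findings"):
        problems.append("severity counts do not sum to findings")
    return problems

# Constructed sample: the example output above with most evidence fields trimmed.
SAMPLE = json.loads("""{"scan_id": "scan_001", "generated_at": "2024-01-15T12:00:00Z", "phases": [
 {"phase": 1, "name": "Plan", "timestamp": "2024-01-15T10:00:00Z", "evidence": {}},
 {"phase": 2, "name": "Generate", "timestamp": "2024-01-15T10:02:00Z", "evidence": {}},
 {"phase": 3, "name": "Prepare", "timestamp": "2024-01-15T10:05:00Z", "evidence": {}},
 {"phase": 4, "name": "Execute", "timestamp": "2024-01-15T10:05:00Z", "duration_seconds": 834, "evidence": {}},
 {"phase": 5, "name": "Analyze", "timestamp": "2024-01-15T10:19:00Z",
  "evidence": {"findings": 7, "critical": 1, "high": 2, "medium": 3, "low": 1}},
 {"phase": 6, "name": "Report", "timestamp": "2024-01-15T10:20:00Z", "evidence": {}}]}""")

if __name__ == "__main__":
    print(check_trail(SAMPLE) or "trail is internally consistent")
```

To check a real export, replace SAMPLE with the result of json.load() on the file written by --format json --output.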

Export for auditors

Export a PDF for direct submission to an auditor or compliance team:

nat ai audit-trail scan_001 --format pdf --output audit_trail_Q1_2024.pdf

The PDF includes all 6 phases with artifact hashes, timestamps, and a cover page summarizing the scan scope and findings.


Plan requirements

Plan | Audit trail
Free | — (not available)
Pro | — (not available)
Team / Enterprise | ✅ Unlimited

⚠️ Audit trails are a Team and Enterprise feature. If you need audit trail export for a compliance engagement on a Pro plan, contact support@nat-testing.io.

