BGSTM Audit Trail
Every NAT scan follows the BGSTM (Background Security Testing Methodology) — a 6-phase framework that ensures complete, auditable evidence for every finding.
The 6 Phases
📋 Phase 1 — Plan
AI risk analysis generates a prioritized test plan based on your API spec and historical findings.
Evidence captured:
- Test plan document with endpoint prioritization
- Risk scores per endpoint
- Priority matrix mapping attack types to endpoints
🧪 Phase 2 — Generate
AI creates targeted test cases for each prioritized endpoint.
Evidence captured:
- Test case definitions with expected outcomes
- Attack vectors selected per endpoint
- Coverage map (endpoints × attack types)
⚙️ Phase 3 — Prepare
Environment setup, authentication configuration, and baseline establishment.
Evidence captured:
- Config snapshot (`.natrc` values used for this scan)
- Auth token types and scopes (token values are never logged)
- Environment metadata (target URL, NAT version, timestamp)
▶️ Phase 4 — Execute
Parallel agent execution runs all test cases with real-time adaptation.
Evidence captured:
- Full request/response logs for every test case
- Timing data (start, end, duration per endpoint)
- Agent decisions and retry behavior
🔍 Phase 5 — Analyze
Finding correlation, impact assessment, and false positive filtering.
Evidence captured:
- Correlation matrix linking related findings
- Confidence scores and impact ratings per finding
- False positive decisions with rationale
📊 Phase 6 — Report
Evidence compilation, framework mapping, and narrative generation.
Evidence captured:
- Final report artifacts (HTML, JSON, PDF)
- Compliance framework mappings per finding
- Remediation plan with prioritized recommendations
Why BGSTM matters for compliance
Auditors don't just need to know what was found — they need to see the methodology behind the findings. BGSTM gives auditors:
- A documented, repeatable process for every scan
- Timestamped evidence at each phase
- A chain of custody from test plan to final report
- AI-generated summaries that explain findings in auditor-friendly language
SOC 2 Type II auditors specifically look for evidence of ongoing, systematic security testing. The BGSTM audit trail provides that evidence automatically.
Accessing the audit trail
CLI:
```bash
nat ai audit-trail --scan-id scan_001 --output trail.json
```
API:
```http
GET /api/v1/compliance/audit-trail/{scan_id}
```
Dashboard: Open any completed scan → expand the scan row → click "View Audit Trail"
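The JSON export written by the CLI command above can be sanity-checked before it is handed to an auditor. The script below is an added example, not NAT's own code; the export's field names (`phases`, `started_at`, `ended_at`, `evidence`, `auth`) and the per-phase evidence keys are assumptions, since the export schema is not documented on this page. It checks that all six BGSTM phases are present in order, that each carries ordered timestamps and its expected evidence, and that phase 3 records only token types and scopes, never token values.

```python
import json, sys
from datetime import datetime
# Phase number -> (name, one evidence key that must be present). Key names are assumed.
REQUIRED = {
    1: ("Plan", "test_plan"), 2: ("Generate", "test_cases"),
    3: ("Prepare", "config_snapshot"), 4: ("Execute", "request_response_logs"),
    5: ("Analyze", "correlation_matrix"), 6: ("Report", "report_artifacts"),
}

def validate_trail(trail):
    """Return a list of problems; an empty list means the trail passes."""
    problems = []
    phases = trail.get("phases", [])
    if [p.get("phase") for p in phases] != list(range(1, 7)):
        problems.append("expected exactly phases 1..6 in order")
    prev_end = None
    for p in phases:
        n = p.get("phase")
        name, key = REQUIRED.get(n, ("?", "?"))
        if p.get("name") != name:
            problems.append(f"phase {n}: expected name {name!r}")
        try:  # every phase must carry parsable start/end timestamps
            start = datetime.fromisoformat(p["started_at"])
            end = datetime.fromisoformat(p["ended_at"])
        except (KeyError, ValueError):
            problems.append(f"phase {n}: missing or malformed timestamps")
            continue
        if end < start or (prev_end is not None and start < prev_end):
            problems.append(f"phase {n}: timestamps out of order")
        prev_end = end
        evidence = p.get("evidence", {})
        if key not in evidence:
            problems.append(f"phase {n}: missing evidence {key!r}")
        # Phase 3 records only token types and scopes; any other field is a leak risk.
        for auth in evidence.get("auth", []):
            extra = sorted(set(auth) - {"type", "scopes"})
            if extra:
                problems.append(f"phase {n}: auth entry has unexpected fields {extra}")
    return problems

# Constructed sample export (not real NAT output), one record per BGSTM phase.
SAMPLE_TRAIL = {"scan_id": "scan_001", "phases": [
    {"phase": n, "name": name, "started_at": f"2024-05-01T10:{n:02d}:00+00:00",
     "ended_at": f"2024-05-01T10:{n:02d}:45+00:00", "evidence": {key: {}}}
    for n, (name, key) in REQUIRED.items()]}
SAMPLE_TRAIL["phases"][2]["evidence"]["auth"] = [{"type": "bearer", "scopes": ["read"]}]

if __name__ == "__main__":  # usage: python check_trail.py trail.json
    trail = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TRAIL
    problems = validate_trail(trail)
    print("audit trail OK" if not problems else "\n".join(problems))
```

Run it against the `trail.json` produced by the CLI command; with no argument it checks the embedded constructed sample.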
Export formats
| Format | Use case |
|---|---|
| JSON | Machine-readable, suitable for SIEM integration |
| PDF | Auditor-friendly, includes phase summaries and cover page |
| HTML | Shareable via permalink, browser-viewable |
For full CLI reference, see AI Assistant → Audit Trail.
Plan availability
| Plan | Audit trail |
|---|---|
| Free | — (not available) |
| Pro | — (not available) |
| Team | ✅ Unlimited |
| Enterprise | ✅ Unlimited |
Audit trails are a Team and Enterprise feature. If you need audit trail export for a compliance engagement on a Pro plan, contact support@nat-testing.io.