User Logs tab — per-user security event history
The User Logs tab in the SIEM module shows the full security-event history for an individual user — sign-ins, role changes, sensitive actions, failed access attempts, and anything else recorded by the platform.
What you can see depends on who you are:
Platform admin (Turtini staff):
You see a search box that finds any Turtini user by name or email across every org on the platform. Selecting a user pulls every security event for them across all orgs they're a member of, with the org ID shown in the expanded event details.
Org owner / admin:
You see a search box scoped to members of the currently active org. The list is loaded from your org's roster — pick anyone to see their security events scoped to this org. You won't see their activity in other orgs they belong to.
Regular member:
You don't see a search box. The tab auto-loads your own activity log for the current org — useful for spotting unfamiliar sign-ins from a device or location you don't recognize. There's no way for a member to look up another member's log.
Reading an event:
Each row shows a timestamp, a severity dot, the event title and description, the source (which subsystem emitted it), and a severity badge. Click a row to expand it and see the event ID, type, source IP, org ID (platform admin only), and full metadata payload.
The most recent 500 events are shown for any user. Authorization is enforced server-side — you can't bypass the scope by tampering with the request. If something looks wrong (an unfamiliar IP, a sign-in at 3am from another country), report it via Account → Settings → Safety → Report a security concern.