Log Schemas
What this is
This section defines normalized log formats for evidence that can be included in an Evidence Bundle. These schemas provide a vendor-neutral structure for logs related to AI usage monitoring and agentic operations.
When to use
- Shadow AI visibility: Documenting detection, inventory, and remediation of unapproved AI usage.
- Agentic operation audits: Explaining autonomous agent privilege exercise, tool execution, and recursive operations.
- Incident reproducibility: Providing structured evidence for incident investigation and root cause analysis.
What it is NOT
!!! warning "Important"
    These schemas define log formats for evidence submission. They do NOT:

    - Automatically collect logs from your systems
    - Provide log aggregation or monitoring tools
    - Guarantee compliance with any regulation or standard
    - Replace vendor-specific logging implementations

Organizations must implement their own log collection pipelines and normalize logs to these schemas for evidence submission.
Schemas
| Schema | Purpose | Download |
|---|---|---|
| Shadow AI Discovery Log | Unapproved AI usage detection and inventory | shadow-ai-discovery.schema.json |
| Agent Activity Log | Agentic AI privilege exercise and tool execution | agent-activity.schema.json |
Related pages
- Minimum Evidence Requirements — MUST-level evidence checklist
- Evidence Bundle — Bundle structure and TOC
- Taxonomy — Classification codes (including UC-010 Agentic Automation, IM-007 Shadow/Unmanaged)