Safe Boundary / Features / Query Analytics & Logging
Observability
Query Analytics & Logging
Every sensitive system produces queries — but most teams cannot answer "who queried the users table at 2 AM, what did the SQL look like, and what did they get back?" Safe Boundary logs every query, block, rewrite, and mask event in structured format with full identity context, ready for compliance reporting and operational investigation.
Spectral Core — Established 2004 · Microsoft Partner · Google Partner · ISO 27001 Certified
Structured logs with full query context
Each log entry includes the authenticated identity (human or agent), source IP, original SQL, rewritten SQL where applicable, the matched policy rule, data classification tags, outcome, and timestamp. Logs are machine-readable and integrate with your existing SIEM or log aggregation pipeline.
Audit-ready for SOC 2, HIPAA, and PCI-DSS
The log schema is aligned with the access and change-event requirements of SOC 2 Type II, HIPAA audit controls, and PCI-DSS logging requirements. Spectral Core is SOC 2 Type II in progress and ISO 27001 certified. You do not need to build a separate logging layer to satisfy auditor requests.
Query analytics across all identities
The Safe Boundary dashboard surfaces query volume, block rates, PII exposure events, and policy match frequency across all human and agent identities. Identify which agent is generating the most risk, which query patterns are triggering blocks, and which tables are accessed most frequently.
Immutable, tamper-evident log stream
Logs are written in the data plane inside your VPC and forwarded to the control plane for visibility. The control plane never sees raw query content — it receives structured metadata only — so your sensitive data never leaves your environment.
Connect Safe Boundary and get full query observability across your Postgres fleet from day one.