Looking for that needle in the hay of Vault's audit log

Abstract: HashiCorp Vault is an excellent tool for improving the security posture of your organization. You know that already, because you have Vault up and running. Everyone gets temporary credentials, and there is no secret sprawl. Everything is as secure as it could be. Or is it? What if you spot something that does not look right? How do you trace it through the tokens, leases, and auth methods back to the real person? And how do you spot something that does not look right in the first place? The Vault audit log takes time to comprehend, and you want to be able to get through it quickly when you need it for security incident response. In this talk, Andrey explains the Vault audit log structure and how you can use off-the-shelf data management tools to navigate and analyze it.

Speaker: Andrey Devyatkin