Aura Activity Feed: Enhanced Security and Compliance for Neo4j Aura

Photo of Ian McCloy

Ian McCloy

Senior Product Manager, Neo4j

3 min read

Create a free graph database instance in Neo4j AuraDB

At Neo4j, we understand that modern organizations require more than just a powerful graph database. They also need robust visibility into their environments for security, compliance, and operational efficiency. To meet these needs, we’re excited to introduce the Aura activity feed, a new feature in the Neo4j Aura SaaS platform, AuraDB, that gives administrators deeper insights into activities performed by their users.

Why the Activity Feed Matters

Enhanced Security Monitoring

Security threats often hide in plain sight. Detailed activity logs help teams detect unusual behaviors such as unauthorized logins, sudden privilege changes, or unexpected modifications to database instances. With the Aura activity feed, administrators can review these events in real time, investigate anomalies, and respond proactively.

Regulatory Compliance

Organizations operating under regulations like GDPR or HIPAA must maintain reliable audit trails. The activity feed ensures that every action is logged in a structured format suitable for compliance reviews and external audits.

Centralized Threat Detection

Structured logs are key to seamless integration with SIEM solutions. By providing event data in a standard JSON format, the activity feed allows security teams to centralize monitoring and streamline their threat detection processes.

Where to Access the Activity Feed

The Aura activity feed is designed to provide both organization-wide and project-level visibility, offering:

  • Organization activity view: Available to org owners and admins, this view shows all activity across the entire organization and is available in the top-level organization settings of the Aura UI.
Aura UI, Top Level of the Org
  • Project activity view: Project administrators can access logs specific to a project, allowing for more granular oversight and accountability. This is available in the Aura UI, under the Project menu.

Structured and Actionable Logs

Logs in the Aura activity feed follow a structured JSON format consistent with leading SaaS audit log standards. Each event record includes:

  • Insert ID (unique for each event)
  • ISO 8601 timestamp in UTC
  • User identifier (who took the action and their source IP address)
  • Target ID (e.g., Aura Org ID, Instance ID)
  • Event code or error code (ID of the type of event)

This consistency ensures that events can be parsed and analyzed programmatically, making the feed ideal for compliance audits and automated monitoring.

What Gets Captured

The Aura activity feed covers a comprehensive set of events:

  • User account changes: User invitation, user removal, modifications
  • Privilege management: Grants, revocations, role assignments
  • Database instance modifications: Creation, alteration, deletion
  • Configuration changes: Inserts, updates (with before/after values), deletes
  • System events: Database pause/resume, backup creation/restore

We plan to add additional event types over time, expanding the capability that the activity feed covers.

Filtering and Exporting

Administrators can filter the activity feed in the UI by date range, user, source IP address, event type, project, and more. To support external analysis, the feed also includes an export feature that allows up to the last 30 days of events to be exported in JSON or CSV format, with the same flexible filtering options applied. This ensures that teams can integrate Aura activity data into their security pipelines or compliance reporting workflows with ease.

In the future, we’ll also provide methods to programmatically retrieve the activity feed data.

Power, Transparency, and Control

The Aura activity feed delivers the transparency that modern organizations expect from their SaaS platforms. With detailed, structured logs, administrators can strengthen security monitoring, simplify compliance audits, and connect Aura data seamlessly into broader enterprise monitoring systems.

Start exploring the Aura activity feed today in your Aura UI, and take control of your organization’s security and compliance needs.

Resources

Aura Activity Feed: Enhanced Security and Compliance for Neo4j Aura was originally published in Neo4j Developer Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Share Article

Explore

Modeling Disruptions in the MTA Subway


7 min read

Cypher and the Cipher Manuscript


21 min read

Build Better Recommendations With Aura Graph Analytics


10 min read

Conquering Neo4j Errors: GQLSTATUS Code to the Rescue


6 min read

Declarative Route Planning With Cypher 25 — Graph Traversal Grows Up


12 min read

Streamline Data Ingestion With the Neo4j Aura Import API


8 min read