Q4 Security Incident Report
Module: Security • Oct 15, 2024
Role: Auditor • Metadata only
Why VeritasLog?
Protocol-native privacy, verifiability, and compliance for sensitive logs. Encrypt incidents on Walrus, gate access on Sui, verify integrity with Seal, and search metadata via Nautilus.
Selective Disclosure
Keep incident logs fully encrypted on Walrus and reveal content only to approved wallets while everyone else sees metadata.
Onchain Access Control
Store log pointers and access lists on Sui so role changes and grants are transparent, tamper evident, and auditable on-chain.
Wallet Native Roles
Super Admin, Admin, and Auditor roles are tied directly to Sui wallet addresses. There is no extra login system; everything is driven by transactions.
Verifiable Storage with Seal
Every log commit is bound to a Seal-compatible hash so auditors can re-check integrity whenever a log is opened.
Privacy Preserving Search
Indexes only metadata, enabling queries like “HIGH severity this week” without exposing encrypted payloads.
Compliance Ready Audit Trail
Show regulators which logs existed, who had access, and when they were opened without leaking sensitive details.
How It Works
Four protocol-native steps from encrypted log to verifiable audit trail
Upload & Encrypt Log
Admin registers an incident log; the app encrypts the payload before it leaves the browser.
Store on Walrus & Sui
Encrypted blob is written to Walrus while a Sui contract records the CID, metadata, and access list.
Index Metadata
Only metadata is indexed so auditors can query by severity, module, or time range without seeing the raw content.
Verify & Disclose Selectively
When an authorized wallet opens a log, the app verifies integrity via Seal against on-chain data, then decrypts only for that user.
See It In Action
Watch a quick walkthrough of how VeritasLog turns raw incident reports into encrypted, verifiable compliance logs: connect a Sui wallet, register a log, store it on Walrus, anchor metadata and access rules on-chain, and verify integrity with Seal before disclosure.
- Connect a Sui wallet and see your on-chain role (Auditor, Admin, Super Admin).
- Register an incident log while the payload is encrypted client-side.
- Store the encrypted blob on Walrus and commit CID + metadata to a Sui contract.
- Search logs by severity and time window via Nautilus using only metadata.
- Open a log as an authorized wallet, verify integrity with Seal, then decrypt selectively.
What teams say
Real feedback from teams using VeritasLog to keep sensitive logs encrypted, verifiable, and audit-ready.
@raka.trips
Finally, an audit log where we can prove nothing was changed after the incident was recorded.
@auliarmdnii
Walrus + Sui integration gives us verifiable storage without exposing sensitive payloads.
@kevinlim
Auditors search by severity and date via Nautilus while the encrypted content stays private.
@dewik
Selective disclosure means only approved wallets can decrypt, everyone else sees metadata only.
@arif.ng
Role promotion from Auditor to Admin happens fully on-chain, so access changes are always traceable.
@sintawr
Seal verification reassures regulators that the log we open today is the same one first committed.
@bagus.m
Wallet native roles removed our need for yet another off-chain auth system for compliance tools.
@yukitan
Granting temporary access to a single log for an external auditor is straightforward and transparent.
@nadia.putri
During audits we can show all HIGH severity logs for a period without leaking underlying incidents.
Technical Architecture
Built around Walrus, Sui, and Seal for verifiable, private compliance logs
Frontend
- Next.js 15 (App Router) + TypeScript for the VeritasLog dashboard
- TailwindCSS, Framer Motion, Magic UI primitives for secure, animated UI
- @mysten/dapp-kit to connect Sui wallets and read on-chain roles
- Client state and queries tuned for log lists, detail views, and access flows
Backend (API & Services)
- Next.js Route Handlers for log ingestion, metadata APIs, and access workflows
- Walrus client to upload/download encrypted blobs without exposing plaintext
- Seal integration to generate and verify hashes bound to on-chain commitments
- Bridges to indexing so auditors can query logs by severity and time range
On-Chain & Storage
- Sui Move contracts for LogRegistry and wallet-native roles (Super Admin, Admin, Auditor)
- On-chain storage of Walrus CID, integrity hash, metadata, and access control lists
- Selective disclosure flow: commit log, approve access, then decrypt only for allowed addresses
- Nautilus-powered metadata search so audits see “which logs existed” without raw content
Frequently Asked Questions
Q1 Do I need cryptocurrency to use VeritasLog?
For the demo you connect a Sui wallet to a test network. You’ll need a small amount of test SUI for gas, but no real funds are required.
Q2 Where is my log data actually stored?
The encrypted payload is stored on Walrus. Sui smart contracts store the Walrus CID, integrity hash, metadata (title, severity, module, timestamps), and access lists. No plaintext log content is written on-chain.
Q3 Who can see the contents of a log?
By default only addresses explicitly granted access by an Admin or Super Admin can decrypt and read the payload. Everyone else, including other auditors, can only see metadata such as severity, date, and module.
Q4 What do the roles Auditor, Admin, and Super Admin mean?
Roles are fully wallet-native. New connected wallets start as Auditors: they can browse metadata and request access or role upgrades. Admins can register logs and approve access. The Super Admin (set at deploy) can manage Admins and oversee role changes on-chain.
Q5 How does selective disclosure work in practice?
When a log is created, the app encrypts the payload client-side, stores it on Walrus, and records a CID plus access rules on Sui. When an approved wallet opens the log, VeritasLog verifies integrity via Seal, then decrypts the payload locally only for that wallet.
Q6 How is integrity verified with Seal?
At commit time, VeritasLog derives a hash that is compatible with Seal and stores that commitment on-chain alongside the CID. When a log is opened later, the app recomputes the hash and checks it against the on-chain value to prove the payload has not been modified.
Q7 Can auditors search logs without exposing sensitive content?
Yes. Only metadata is indexed via Nautilus. Auditors can run queries like “HIGH severity logs this week” or filter by module and time range, while the underlying encrypted payloads remain hidden until access is granted.
Q8 Is VeritasLog suitable for real compliance and regulatory audits?
That’s the goal. Organizations can prove which logs existed, when they were committed, and who had access, while still keeping sensitive incident details encrypted. During an audit, you can disclose only the specific logs and fields required to satisfy the regulator.
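The commit-then-verify flow from Q5 and Q6, sketched as an added example (not VeritasLog's own code). Assumptions: SHA-256 over the stored ciphertext stands in for the "Seal-compatible" hash, a plain object stands in for the Sui record, and all type, field and function names are hypothetical; decryption itself is left out.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Shape of the on-chain entry as the FAQ describes it (field names are assumptions).
interface LogRecord {
  blobId: string;        // Walrus CID / blob pointer
  integrityHash: string; // hex commitment stored at commit time
  metadata: { title: string; severity: "LOW" | "MEDIUM" | "HIGH"; module: string };
  accessList: string[];  // wallet addresses allowed to decrypt
}

type OpenResult =
  | { status: "METADATA_ONLY"; metadata: LogRecord["metadata"] }
  | { status: "INTEGRITY_FAILED" }
  | { status: "OK_TO_DECRYPT"; ciphertext: Uint8Array };

// Stand-in commitment (assumption): SHA-256 over the encrypted blob exactly as stored.
function commitmentOf(ciphertext: Uint8Array): string {
  return createHash("sha256").update(ciphertext).digest("hex");
}

// Commit step: record pointer, commitment, metadata and access list together.
function commitLog(blobId: string, ciphertext: Uint8Array,
                   metadata: LogRecord["metadata"], accessList: string[]): LogRecord {
  return { blobId, integrityHash: commitmentOf(ciphertext), metadata,
           accessList: accessList.map((a) => a.toLowerCase()) };
}

// Open step: gate on the access list, then verify the fetched blob, and only
// then release the ciphertext to the local decryption routine (not shown).
function openLog(record: LogRecord, wallet: string, fetched: Uint8Array): OpenResult {
  if (!record.accessList.includes(wallet.toLowerCase())) {
    return { status: "METADATA_ONLY", metadata: record.metadata };
  }
  const expected = Buffer.from(record.integrityHash, "hex");
  const actual = Buffer.from(commitmentOf(fetched), "hex");
  // timingSafeEqual throws on unequal lengths, so reject malformed commitments first.
  if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) {
    return { status: "INTEGRITY_FAILED" };
  }
  return { status: "OK_TO_DECRYPT", ciphertext: fetched };
}

// Constructed sample data (not real addresses, blob ids or ciphertext).
const ADMIN = "0x" + "a1".repeat(32);
const OUTSIDER = "0x" + "b2".repeat(32);
const blob = new Uint8Array([0x8f, 0x02, 0x5c, 0x77, 0x10, 0xe4]);
const record = commitLog("constructed-blob-id", blob,
  { title: "Q4 Security Incident Report", severity: "HIGH", module: "Security" }, [ADMIN]);
```

Because the commitment covers the ciphertext, a blob that was swapped or altered in storage is rejected before any key material is used on it.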
Ready to Make Your Compliance Logs Verifiable?
Join teams using VeritasLog to keep sensitive incident logs encrypted, selectively disclosed, and backed by on-chain proofs for auditors and regulators.