AffixIOAFFIXIO
Contact

Proof-not-log audit vs SIEM logs

Proof-not-log audit vs SIEM logs

SIEM aggregates mutable application logs. Proof-not-log appends each allow or deny to a Merkle tree you can verify independently. They complement each other; one is not a replacement.

proof-not-log audit vs siem logsaffixio

At a glance

SIEM
Correlation and alerting
Merkle audit
Cryptographic decision proof
Article 12
Tamper-evident requirement
PII at verifier
Digest metadata by default
Tool
Merkle verifier
Reviewed
12 July 2026

Security operations teams live in SIEM. Compliance and AI Act reviewers ask whether decision logs could have been altered. Merkle proof-not-log complements SIEM; it does not replace correlation and alerting.

Side-by-side comparison

DimensionIncumbent approachAffixIO path
MutabilityAdmins can edit log linesRoot changes if history tampered
Question answeredWhat happened in infraWhat policy allowed
Regulator replayTrust admin accessIndependent inclusion proof
Best useSOC operationsCompliance and AI Act evidence

When Incumbent approach fits

  • SOC alerting and infra correlation
  • Centralised log search across systems
  • Real-time anomaly detection

When AffixIO path fits

  • EU AI Act Article 12 tamper evidence
  • Regulator replay without admin access
  • Decision integrity at verification boundary

Decision guide

Most enterprises use both layers: incumbent tools for identity or operations, AffixIO for signed policy outcomes at the boundary with Merkle audit. The question is where the YES or NO is decided and what evidence regulators can replay.

Frequently asked questions

Do we still need SIEM?

Yes for operations. Add proof-not-log for decision integrity.

Can SIEM ingest Merkle roots?

Yes. Correlate proof digests with SIEM events.

Do we still need SIEM?

Yes for operations. Add proof-not-log for decision integrity.

Can SIEM ingest Merkle roots?

Yes. Correlate proof digests with SIEM events.

Is this only for AI?

Any high-stakes allow or deny boundary benefits from tamper-evident audit.

How do we verify independently?

Use the public Merkle verifier with exported inclusion proofs.