Audit tools (instance / system level)
On top of the read-only site surface, the MCP Server provides four audit tools for administrators who require oversight across the wider HighQ instance. These tools cover sign-in and access activity, site lifecycle events, membership activity, and content activity.
Audit queries perform best when they are kept narrow and bounded, focused on a single activity type, a short time window, and, where relevant, a single site.
Sign-in & access activity
Sign-in and access events, including 2FA, proxy, and impersonation context.
Get login and authentication audit list
Show failed sign-in attempts across the instance in the last 7 days
List logins that used impersonation yesterday
Workspace lifecycle activity
Site lifecycle events - creation, archival, and ownership changes.
Get site management audit list
Which sites were created or archived this month?
Show site ownership changes across the instance last quarter
User additions and removals, with external users flagged.
Get user management audit list
List users added or removed across the instance this week, flagging external users
Show membership changes involving external users in the last 30 days
Uploads, downloads, deletions, and bulk-action patterns.
Get content management audit list
Show bulk-download activity across the instance in the last 24 hours
List all content deletions instance-wide this week
Audit tools operate at the instance level and aggregate audit data from all sites within your HighQ instance. Site-level audit API exposure is not supported. Audit tools respect instance boundaries, so audit data from other instances cannot be accessed.