
Add structured security event logging for authentication and authorization failures #839

Description

@RUKAYAT-CODER

Overview

Authentication failures, token reuse detection, and privilege escalation attempts are logged via this.logger.warn() as unstructured strings. Security information and event management (SIEM) systems cannot parse these reliably for alerting.

Specifications

Features:

  • Emit structured JSON security events to a dedicated security log stream.
  • Include: eventType, userId, ip, timestamp, severity, details.

Tasks:

  • Create SecurityEventLogger in src/security/audit/ wrapping StructuredLoggerService.
  • Define a SecurityEventType enum (AUTH_FAILURE, TOKEN_REUSE, ACCOUNT_LOCKED, etc.).
  • Replace logger.warn() calls in AuthService and ThreatDetectionService with SecurityEventLogger.emit().
  • Add a Prometheus counter security_events_total{type} for dashboarding.

Impacted Files:

  • src/auth/auth.service.ts
  • src/security/threats/threat-detection.service.ts
  • New src/security/audit/security-event-logger.ts

Acceptance Criteria

  • Every auth failure produces a JSON log line parseable by a SIEM.
  • Prometheus counter increments on each security event.
  • Unit tests verify log output structure.
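As an added example of what the tasks above describe (not code from this project or its author), here is a self-contained `SecurityEventLogger` in TypeScript. The names `StructuredLoggerService`, `SecurityEventLogger`, `SecurityEventType` and `security_events_total` come from the issue; the sink, the in-memory counter standing in for a Prometheus `Counter`, the default severities and the key-based redaction are assumptions made for this example. Two points a reviewer would want to see covered: the event is serialised with `JSON.stringify`, so attacker-controlled values such as usernames cannot inject a forged second log line, and secret-bearing keys (passwords, tokens) never reach the security stream even if a call site passes them in `details`.

```typescript
// Added example (not the project's own code) of the SecurityEventLogger the issue
// specifies. StructuredLoggerService, SecurityEventType and security_events_total
// are names from the issue; sink, counter and redaction behaviour are assumptions.

export enum SecurityEventType {
  AUTH_FAILURE = "AUTH_FAILURE",
  TOKEN_REUSE = "TOKEN_REUSE",
  ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
  PRIVILEGE_ESCALATION_ATTEMPT = "PRIVILEGE_ESCALATION_ATTEMPT",
}

export type Severity = "low" | "medium" | "high" | "critical";

// The fields the issue asks for, in a shape a SIEM can index.
export interface SecurityEvent {
  eventType: SecurityEventType;
  userId: string | null;
  ip: string;
  timestamp: string; // ISO 8601, UTC
  severity: Severity;
  details: Record<string, unknown>;
}

// Stand-in for StructuredLoggerService: one JSON object per line on a named stream.
// JSON.stringify escapes newlines, so attacker-controlled values cannot split a
// record into a forged second log line.
export class StructuredLoggerService {
  constructor(public readonly stream: string, private readonly write: (line: string) => void = (line) => console.log(line)) {}
  log(record: Record<string, unknown>): void {
    this.write(JSON.stringify({ stream: this.stream, ...record }));
  }
}

// In-memory counter with the shape of security_events_total{type="..."}; the real
// service would back this with prom-client's Counter.
export class LabelledCounter {
  private readonly values: Record<string, number> = {};
  constructor(public readonly name: string) {}
  inc(type: string): void { this.values[type] = (this.values[type] ?? 0) + 1; }
  get(type: string): number { return this.values[type] ?? 0; }
  // Prometheus text exposition format, one sample per label value.
  expose(): string {
    const lines = [`# TYPE ${this.name} counter`];
    Object.keys(this.values).forEach((t) => lines.push(`${this.name}{type="${t}"} ${this.values[t]}`));
    return lines.join("\n");
  }
}

// Default severity per event type (assumed; the issue leaves it open).
const DEFAULT_SEVERITY: Record<SecurityEventType, Severity> = {
  [SecurityEventType.AUTH_FAILURE]: "medium",
  [SecurityEventType.TOKEN_REUSE]: "high",
  [SecurityEventType.ACCOUNT_LOCKED]: "high",
  [SecurityEventType.PRIVILEGE_ESCALATION_ATTEMPT]: "critical",
};

// Secrets must never reach the log stream: values under these keys are dropped.
const SENSITIVE_KEY = /password|secret|token|authorization|cookie/i;
export function redact(details: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  Object.keys(details).forEach((k) => { out[k] = SENSITIVE_KEY.test(k) ? "[REDACTED]" : details[k]; });
  return out;
}

export class SecurityEventLogger {
  constructor(
    private readonly logger: StructuredLoggerService,
    public readonly counter: LabelledCounter = new LabelledCounter("security_events_total"),
    private readonly now: () => Date = () => new Date(),
  ) {}

  // Build the event, write it as one JSON line, bump the per-type counter.
  emit(
    eventType: SecurityEventType,
    opts: { ip: string; userId?: string | null; severity?: Severity; details?: Record<string, unknown> },
  ): SecurityEvent {
    const event: SecurityEvent = {
      eventType,
      userId: opts.userId ?? null,
      ip: opts.ip,
      timestamp: this.now().toISOString(),
      severity: opts.severity ?? DEFAULT_SEVERITY[eventType],
      details: redact(opts.details ?? {}),
    };
    this.logger.log({ ...event });
    this.counter.inc(eventType);
    return event;
  }
}

// Constructed sample calls, standing in for what AuthService would do in place of logger.warn().
const securityLog = new SecurityEventLogger(new StructuredLoggerService("security"));
securityLog.emit(SecurityEventType.AUTH_FAILURE, {
  userId: "user-42", ip: "203.0.113.5", details: { reason: "invalid_password", attempt: 3 },
});
securityLog.emit(SecurityEventType.TOKEN_REUSE, {
  userId: "user-42", ip: "198.51.100.9", details: { refreshToken: "eyJhbGciOi...", family: "fam-17" },
});
console.log(securityLog.counter.expose());
```

Running the file prints two JSON lines on the `security` stream followed by the counter in Prometheus text format; the second line shows `refreshToken` replaced by `[REDACTED]`, which is the behaviour a token-reuse event needs, since logging the reused token itself would hand it to anyone with read access to the SIEM. The injectable `now` clock and `write` sink exist so the unit tests required by the acceptance criteria can assert on the exact log structure without touching stdout.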
