Overview
Authentication failures, token reuse detection, and privilege escalation attempts are logged via `this.logger.warn()` as unstructured strings. Security information and event management (SIEM) systems cannot parse these reliably for alerting.
Specifications
Features:
- Emit structured JSON security events to a dedicated security log stream.
- Include: `eventType`, `userId`, `ip`, `timestamp`, `severity`, `details`.
Tasks:
- Create `SecurityEventLogger` in `src/security/audit/` wrapping `StructuredLoggerService`.
- Define a `SecurityEventType` enum (`AUTH_FAILURE`, `TOKEN_REUSE`, `ACCOUNT_LOCKED`, etc.).
- Replace `logger.warn()` calls in `AuthService` and `ThreatDetectionService` with `SecurityEventLogger.emit()`.
- Add a Prometheus counter `security_events_total{type}` for dashboarding.
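The shape the tasks above describe, as an added example that is not the project's code: a `SecurityEventType` enum, a `SecurityEventLogger.emit()` that writes one JSON object per line and bumps a per-type counter. `StructuredLoggerService` is assumed here to be an interface with a single `log(line)` method, and the Prometheus counter is stood in for by an in-memory `LabeledCounter` so the block runs offline; the `PRIVILEGE_ESCALATION_ATTEMPT` member, the `Severity` union and the sample values are constructed for the example.

```typescript
// Added example, not the project's code. Assumes StructuredLoggerService exposes
// log(line: string); the Prometheus counter is replaced by an in-memory map.

enum SecurityEventType {
  AUTH_FAILURE = "AUTH_FAILURE",
  TOKEN_REUSE = "TOKEN_REUSE",
  ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
  PRIVILEGE_ESCALATION_ATTEMPT = "PRIVILEGE_ESCALATION_ATTEMPT", // assumed name
}

type Severity = "low" | "medium" | "high" | "critical"; // assumed scale

interface SecurityEvent {
  eventType: SecurityEventType;
  userId: string | null;      // null for pre-authentication events
  ip: string;
  timestamp: string;          // ISO-8601, UTC
  severity: Severity;
  details: Record<string, unknown>;
}

// Hypothetical shape of the project's StructuredLoggerService.
interface StructuredLoggerService {
  log(line: string): void;
}

// Stand-in for a Prometheus counter with a {type} label.
class LabeledCounter {
  private counts = new Map<string, number>();
  inc(type: string): void {
    this.counts.set(type, (this.counts.get(type) ?? 0) + 1);
  }
  get(type: string): number {
    return this.counts.get(type) ?? 0;
  }
}

class SecurityEventLogger {
  constructor(
    private readonly logger: StructuredLoggerService,
    private readonly counter: LabeledCounter,
    private readonly now: () => Date = () => new Date(), // injectable clock for tests
  ) {}

  emit(
    eventType: SecurityEventType,
    fields: { userId?: string | null; ip: string; severity: Severity; details?: Record<string, unknown> },
  ): SecurityEvent {
    const event: SecurityEvent = {
      eventType,
      userId: fields.userId ?? null,
      ip: fields.ip,
      timestamp: this.now().toISOString(),
      severity: fields.severity,
      details: fields.details ?? {},
    };
    // One JSON object per line with fixed field names. JSON.stringify escapes
    // quotes and newlines, so a user-controlled value (a username, a reason
    // string) cannot split the record or forge a second log line.
    this.logger.log(JSON.stringify(event));
    this.counter.inc(eventType);
    return event;
  }
}

// Captures emitted lines so unit tests can check the output structure.
class MemoryLogger implements StructuredLoggerService {
  lines: string[] = [];
  log(line: string): void {
    this.lines.push(line);
  }
}

// Constructed sample events; the clock is pinned for reproducible output.
function demo(): { lines: string[]; authFailures: number; tokenReuse: number } {
  const logger = new MemoryLogger();
  const counter = new LabeledCounter();
  const sel = new SecurityEventLogger(logger, counter, () => new Date("2024-01-01T00:00:00Z"));
  sel.emit(SecurityEventType.AUTH_FAILURE, {
    userId: "u-123", ip: "203.0.113.7", severity: "medium",
    details: { reason: "bad_password", attempt: 3 },
  });
  sel.emit(SecurityEventType.AUTH_FAILURE, {
    userId: null, ip: "203.0.113.8", severity: "low",
    details: { reason: 'unknown_user\n"injected"' }, // hostile value stays in one record
  });
  sel.emit(SecurityEventType.TOKEN_REUSE, { userId: "u-123", ip: "198.51.100.2", severity: "high" });
  return {
    lines: logger.lines,
    authFailures: counter.get(SecurityEventType.AUTH_FAILURE),
    tokenReuse: counter.get(SecurityEventType.TOKEN_REUSE),
  };
}
```

The injected clock and the `MemoryLogger` are what make the acceptance criteria testable: a unit test can parse each captured line back with `JSON.parse` and assert on the six fields, and read the counter per type without a metrics endpoint.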
Impacted Files:
- `src/auth/auth.service.ts`
- `src/security/threats/threat-detection.service.ts`
- New: `src/security/audit/security-event-logger.ts`
Acceptance Criteria
- Every auth failure produces a JSON log line parseable by a SIEM.
- Prometheus counter increments on each security event.
- Unit tests verify log output structure.