Security Event Service
Component Detail
Description
Backend service that queries the audit_logs table to aggregate and categorize security-relevant events for a given tenant. Filters by event_type categories including authentication failures, session anomalies, privilege escalations, and Global Admin support-access entries, always scoping results to the requesting tenant.
security-event-service
Sources & reasoning
A dedicated service layer is required to read and aggregate raw audit_logs rows into security-meaningful summaries without exposing direct DB access to the UI layer. Strict tenant scoping on every query enforces the platform's multi-tenant isolation model described in the source documentation.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Query audit_logs filtered by security event_type categories and tenant ID
- Aggregate event counts and timelines for dashboard chart rendering
- Return active and recent Global Admin time-bounded support-access sessions
- Enforce multi-tenant isolation: all queries are scoped to the requesting user's organization
Interfaces
getSecurityEventSummary(tenantId, timeRange): SecurityEventSummary
getAuthFailureTimeline(tenantId, bucketSize): TimelineBucket[]
getActiveSupportSessions(tenantId): SupportSession[]
getPrivilegeEscalationEvents(tenantId, limit): AuditEvent[]
getSuspiciousAccessEvents(tenantId, limit): AuditEvent[]
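An added example, not the platform's own code, of the tenant-scoped bucketing that getAuthFailureTimeline describes. The row shape, the event_type values, the function name authFailureTimeline and its extra rows parameter are assumptions, and the sample rows are constructed.

```typescript
// Assumed row shape; the real audit_logs columns are not given on this page.
interface AuditLogRow { tenant_id: string; event_type: string; created_at: string; }
interface TimelineBucket { bucketStart: string; count: number; }

// Hypothetical event_type values for the "authentication failures" category.
const AUTH_FAILURE_TYPES: string[] = ["auth.login_failed", "auth.mfa_failed"];

// Constructed sample rows standing in for the audit_logs table.
const SAMPLE_ROWS: AuditLogRow[] = [
  { tenant_id: "t-1", event_type: "auth.login_failed", created_at: "2024-01-01T10:05:00Z" },
  { tenant_id: "t-1", event_type: "auth.login_ok",     created_at: "2024-01-01T10:15:00Z" },
  { tenant_id: "t-2", event_type: "auth.login_failed", created_at: "2024-01-01T10:20:00Z" },
  { tenant_id: "t-1", event_type: "auth.mfa_failed",   created_at: "2024-01-01T10:40:00Z" },
  { tenant_id: "t-1", event_type: "auth.login_failed", created_at: "2024-01-01T11:10:00Z" },
];

// Counts authentication failures per time bucket for exactly one tenant.
function authFailureTimeline(
  rows: AuditLogRow[], tenantId: string, bucketSizeMs: number
): TimelineBucket[] {
  // Fail closed: a missing tenant must never widen the query to all tenants.
  if (!tenantId) throw new Error("tenantId is required");
  if (!(bucketSizeMs > 0)) throw new Error("bucketSizeMs must be positive");

  const counts: Record<number, number> = {};
  for (const row of rows) {
    if (row.tenant_id !== tenantId) continue;                      // tenant scoping first
    if (AUTH_FAILURE_TYPES.indexOf(row.event_type) < 0) continue;  // category filter
    const t = Date.parse(row.created_at);
    if (isNaN(t)) continue;                                        // skip unparseable timestamps
    const start = Math.floor(t / bucketSizeMs) * bucketSizeMs;     // bucket start in epoch ms
    counts[start] = (counts[start] || 0) + 1;
  }
  // Return buckets in chronological order for chart rendering.
  return Object.keys(counts)
    .map(Number)
    .sort((a, b) => a - b)
    .map((start) => ({ bucketStart: new Date(start).toISOString(), count: counts[start] }));
}
```

In a database-backed version the same tenant predicate would be a bound parameter in the WHERE clause of every query.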
Relationships
Dependencies (2)
Components this component depends on
Related Data Entities (5)
Data entities managed by this component