Security Monitoring Service
Component Detail
Service Layer | high complexity | backend
3 Dependencies | 2 Dependents | 6 Entities | 0 Integrations
Description
Backend service that aggregates security-relevant data from audit_logs and sessions tables to produce real-time security metrics and anomaly signals. Runs server-side within Next.js API routes. Refresh intervals and alert thresholds are configurable per organization via organization_settings.
security-monitoring-service
Responsibilities
- Aggregate active session counts and flag concurrent or geographically anomalous sessions
- Query audit_logs for failed login attempts, privilege escalations, and unusual access patterns
- Evaluate configurable alert thresholds and produce an alerts list with severity scoring
- Expose REST API endpoints consumed by the Security Dashboard Page via SSR
- Enforce tenant isolation so organization admins only see their own org metrics
Interfaces
getSecurityMetrics(orgId: string): SecurityMetrics
getActiveAlerts(orgId: string): Alert[]
getRecentAuthEvents(orgId: string, limit: number): AuthEvent[]
dismissAlert(alertId: string, adminId: string): void
getSessionAnomalies(orgId: string): SessionAnomaly[]
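A sketch of the per-organization threshold evaluation and tenant scoping listed under Responsibilities, as an added example that is not the project's own code. The row and alert shapes, the `login_failed` event name, the threshold fields, the severity rule and the `canDismiss` guard are all assumptions, and the sample rows are constructed.

```typescript
// Constructed shapes: the page names the tables but not their columns.
interface AuditRow { orgId: string; actor: string; event: string; at: number } // at: epoch ms
interface Thresholds { failedLogins: number; windowMs: number } // hypothetical per-org settings
interface Alert { orgId: string; actor: string; count: number; severity: "low" | "medium" | "high" }

// Hypothetical severity rule: how far the count exceeds the org's own threshold.
function scoreSeverity(count: number, threshold: number): Alert["severity"] {
  const ratio = count / threshold;
  if (ratio >= 3) return "high";
  return ratio >= 2 ? "medium" : "low";
}

// Evaluate failed-login bursts for one organization. The orgId filter runs before
// any counting, so rows from other tenants cannot reach a count or an alert.
function evaluateFailedLogins(rows: AuditRow[], orgId: string, t: Thresholds, now: number): Alert[] {
  const counts: Record<string, number> = {};
  rows
    .filter(r => r.orgId === orgId && r.event === "login_failed")
    .filter(r => r.at <= now && now - r.at <= t.windowMs)
    .forEach(r => { counts[r.actor] = (counts[r.actor] || 0) + 1; });
  return Object.keys(counts)
    .map(actor => ({ actor, count: counts[actor] || 0 }))
    .filter(c => c.count >= t.failedLogins)
    .map(c => ({ orgId, actor: c.actor, count: c.count, severity: scoreSeverity(c.count, t.failedLogins) }))
    .sort((a, b) => b.count - a.count);
}

// dismissAlert(alertId, adminId) carries no orgId, so this hypothetical guard compares
// the alert's organization with the one resolved server-side for the admin.
function canDismiss(alert: Alert, adminOrgId: string): boolean {
  return alert.orgId === adminOrgId;
}

// Constructed sample rows: n failed logins for one actor, one second apart, ending at `end`.
function fails(orgId: string, actor: string, n: number, end: number): AuditRow[] {
  const out: AuditRow[] = [];
  for (let i = 0; i < n; i++) out.push({ orgId, actor, event: "login_failed", at: end - i * 1000 });
  return out;
}
const NOW = 1700000000000;
const SAMPLE: AuditRow[] = fails("org-a", "alice", 6, NOW).concat(
  fails("org-a", "bob", 2, NOW),               // below threshold
  fails("org-a", "alice", 5, NOW - 3600000),   // outside the window
  fails("org-b", "mallory", 9, NOW));          // another tenant
const LIMITS: Thresholds = { failedLogins: 3, windowMs: 600000 };
console.log(evaluateFailedLogins(SAMPLE, "org-a", LIMITS, NOW));
```

In a real route the organization id would come from the authenticated session rather than from a request parameter, and the same filter would sit in the database query instead of in memory.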
Relationships
Dependencies (3)
Components this component depends on
Dependents (2)
Components that depend on this component
Related Data Entities (6)
Data entities managed by this component