Description
Security-related events are not currently logged in a structured or auditable way. A security reporting system should be implemented to track authentication anomalies and policy violations and not just display seed data placed in the database.
Events to Record
- Failed login attempts
- Repeated login failures
- Login attempts outside officer curfew time
- Successful logins for audit purposes
Acceptance Criteria
- Security events are recorded in a persistent store
- Each event includes timestamp, user (if applicable), IP, and reason
- Admins can retrieve and review security reports
- System does not expose sensitive credentials in logs
Labels
security, backend, audit, high-priority
Description
Security-related events are not currently logged in a structured or auditable way. A security reporting system should be implemented to track authentication anomalies and policy violations and not just display seed data placed in the database.
Events to Record
Acceptance Criteria
Labels
security,backend,audit,high-priority