datapilot-cli

Version:

Enterprise-grade streaming multi-format data analysis with comprehensive statistical insights and intelligent relationship detection - supports CSV, JSON, Excel, TSV, Parquet - memory-efficient, cross-platform

github.com/Mrassimo/datapilot

Mrassimo/datapilot

201 lines • 6.46 kB

TypeScript

/** * Security Audit Logging System * Comprehensive logging and monitoring for security events */ import type { LogContext } from '../utils/logger'; export interface SecurityEvent { /** Unique event ID */ id: string; /** Event timestamp */ timestamp: string; /** Event type/category */ type: SecurityEventType; /** Severity level */ severity: SecurityEventSeverity; /** Event source component */ source: string; /** User/session identifier */ userId?: string; /** IP address if applicable */ ipAddress?: string; /** File path involved */ filePath?: string; /** Operation attempted */ operation?: string; /** Event description */ description: string; /** Structured event data */ data: Record<string, unknown>; /** Processing outcome */ outcome: 'success' | 'failure' | 'blocked' | 'warning'; /** Risk score (0-10) */ riskScore: number; /** Related event IDs */ relatedEvents?: string[]; } export type SecurityEventType = 'authentication' | 'authorization' | 'file_access' | 'input_validation' | 'configuration_change' | 'policy_violation' | 'intrusion_attempt' | 'data_integrity' | 'system_security' | 'compliance'; export type SecurityEventSeverity = 'low' | 'medium' | 'high' | 'critical'; export interface AuditConfiguration { /** Enable audit logging */ enabled: boolean; /** Log file path */ logFilePath: string; /** Maximum log file size in bytes */ maxFileSize: number; /** Number of log files to retain */ maxFiles: number; /** Minimum severity to log */ minSeverity: SecurityEventSeverity; /** Enable real-time alerts */ enableAlerts: boolean; /** Alert thresholds */ alertThresholds: { highSeverityCount: number; criticalSeverityCount: number; timeWindowMinutes: number; }; /** Enable log encryption */ encryptLogs: boolean; /** Retention period in days */ retentionDays: number; } export interface AlertRule { /** Rule identifier */ id: string; /** Rule name */ name: string; /** Event types to monitor */ eventTypes: SecurityEventType[]; /** Minimum severity to trigger */ minSeverity: SecurityEventSeverity; /** Pattern to match in event data */ pattern?: RegExp; /** Threshold count within time window */ threshold: { count: number; timeWindowMinutes: number; }; /** Alert action */ action: 'log' | 'notify' | 'block' | 'escalate'; /** Rule enabled status */ enabled: boolean; } export declare class SecurityAuditLogger { private static instance; private config; private events; private alertRules; private alertCounts; private writeStream?; private currentLogFile?; private logRotationTimer?; private constructor(); static getInstance(config?: Partial<AuditConfiguration>): SecurityAuditLogger; /** * Log a security event */ logSecurityEvent(type: SecurityEventType, description: string, data?: Record<string, unknown>, options?: { severity?: SecurityEventSeverity; source?: string; userId?: string; filePath?: string; operation?: string; outcome?: SecurityEvent['outcome']; riskScore?: number; context?: LogContext; }): Promise<string>; /** * Log authentication event */ logAuthenticationEvent(operation: 'login' | 'logout' | 'token_refresh' | 'password_change', outcome: SecurityEvent['outcome'], userId?: string, data?: Record<string, unknown>, context?: LogContext): Promise<string>; /** * Log file access event */ logFileAccessEvent(filePath: string, operation: string, outcome: SecurityEvent['outcome'], userId?: string, data?: Record<string, unknown>, context?: LogContext): Promise<string>; /** * Log policy violation */ logPolicyViolation(policyName: string, violationType: string, data?: Record<string, unknown>, context?: LogContext): Promise<string>; /** * Log intrusion attempt */ logIntrusionAttempt(attackType: string, source: string, data?: Record<string, unknown>, context?: LogContext): Promise<string>; /** * Add custom alert rule */ addAlertRule(rule: AlertRule): void; /** * Remove alert rule */ removeAlertRule(ruleId: string): boolean; /** * Get security events with filtering */ getEvents(filter?: { type?: SecurityEventType; severity?: SecurityEventSeverity; outcome?: SecurityEvent['outcome']; userId?: string; filePath?: string; startTime?: Date; endTime?: Date; minRiskScore?: number; limit?: number; }): SecurityEvent[]; /** * Get security statistics */ getStatistics(timeRange?: { start: Date; end: Date; }): { totalEvents: number; eventsBySeverity: Record<SecurityEventSeverity, number>; eventsByType: Record<SecurityEventType, number>; eventsByOutcome: Record<string, number>; averageRiskScore: number; topRiskEvents: SecurityEvent[]; }; /** * Export audit log */ exportAuditLog(filePath: string, format?: 'json' | 'csv', filter?: Parameters<typeof SecurityAuditLogger.prototype.getEvents>[0]): Promise<void>; /** * Clear old events based on retention policy */ clearOldEvents(): Promise<number>; private initializeLogging; private createLogStream; private setupDefaultAlertRules; private generateEventId; private calculateSeverity; private calculateRiskScore; private shouldLogEvent; private writeEventToLog; private checkAlertRules; private triggerAlert; private sanitiseEventData; private extractIpAddress; private eventsToCSV; private startCleanupTimer; /** * Shutdown audit logger gracefully */ shutdown(): Promise<void>; } /** * Factory function for easy access */ export declare function getSecurityAuditLogger(): SecurityAuditLogger; /** * Security monitoring middleware */ export declare class SecurityMonitor { private auditLogger; constructor(); /** * Monitor function execution for security events */ monitorExecution<T>(operation: string, fn: () => Promise<T>, context?: LogContext): Promise<T>; } //# sourceMappingURL=audit-logger.d.ts.map