The system monitors and responds to:
Category: Security Monitoring System
Which parts of my platform are protected?
The Security Monitoring System protects:
Can I see historical attempt data after clearing?
No. Once you clear attempts, the tracking data is permanently deleted. However, security events logged in the database (viewable in the dashboard) remain intact for audit purposes.
Where are failed login attempts tracked?
Failed authentication attempts are tracked using secure file-based JSON storage in the system logs directory. Admin token attempts and user login attempts are tracked separately for granular monitoring.
Does clearing attempts unblock IPs?
No. The “Clear Attempts” feature only resets the attempt counters and tracking files. Permanently blocked IPs remain blocked and must be manually unblocked individually from the Blocked IPs section.
What is the “Clear Attempts” feature?
The “Clear Attempts” button allows administrators to reset all failed authentication attempt tracking. This action: Use Case: Testing, troubleshooting, or after resolving a security incident.
How can I view detailed information about a specific security event?
Click the “Details” button next to any event in the Recent Security Events table. A modal window displays complete information including event ID, severity, type, description, user ID, IP address, timestamp, and additional JSON details.
What do the different severity levels mean?
How often does the dashboard update?
The Security Events Dashboard updates automatically every 30 seconds when you have the page open. You can also manually refresh by clicking the browser refresh button.
What is the Event Type Distribution Chart?
The donut chart shows the breakdown of different types of security events (e.g., unauthorized access, failed logins, threshold exceeded). It helps you understand which attack vectors are most common on your platform.