Security Monitoring

AZTP provides zero-config security monitoring with built-in event tracking and audit trails.

Understanding Security Events

AZTP automatically monitors all security events by default - no configuration needed:

  • Identity verifications
  • Policy decisions
  • RPC communications
  • Security-related errors

All events are automatically logged to the console in this format:

[AZTP:EVENT] {
  type: 'identity|policy|rpc',
  agentId: 'agent-id',
  timestamp: '2024-01-10T12:00:00.000Z',
  ...eventSpecificData
}

Event Types

Identity Events

{
  type: 'identity',
  timestamp: 1704614400000,
  agentId: 'finance-agent',
  data: {
    action: 'verified',     // verified, setup_complete, etc.
    success: true,
    spiffeId: 'spiffe://company.org/finance'
  }
}

Policy Events

{
  type: 'policy',
  timestamp: 1704614400000,
  agentId: 'finance-agent',
  data: {
    action: 'evaluated',
    allowed: true,
    reason: 'Access granted by role-based policy'
  }
}

RPC Events

{
  type: 'rpc',
  timestamp: 1704614400000,
  agentId: 'finance-agent',
  data: {
    action: 'request_received',
    method: 'calculate-tax',
    success: true
  }
}

Best Practices

  1. Default Logging

    • Default console logging is always enabled
    • Great for development and debugging
    • No configuration needed
  2. Custom Event Handling

    • Add custom handlers for production
    • Keep default logging if needed
    • Handle errors gracefully
  3. Event Storage

    • Store events securely
    • Include all relevant context
    • Maintain audit trails

Common Patterns

Using Default Logging

// Default logging is enabled automatically
const securedAgent = await secureConnect(agent, {
  spiffe: {
    trustDomain: 'company.org',
    keyDir: './keys'
  }
  // No monitoring config needed - events will be logged to console
});

Adding Custom Handler

const securedAgent = await secureConnect(agent, {
  // ... other config ...
  monitoring: {
    onEvent: async (event) => {
      // Your custom handling - in addition to default logging
      await db.securityEvents.create({
        type: event.type,
        timestamp: new Date(event.timestamp),
        agentId: event.agentId,
        data: JSON.stringify(event.data)
      });
 
      // Alert on failures (policy events report `allowed`, not `success`)
      if (event.data.success === false || event.data.allowed === false) {
        await alerting.notify({
          level: 'warning',
          message: `Security event failure: ${event.type}`,
          details: event
        });
      }
    }
  }
});
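
The event samples above use different outcome flags (`success` for identity and RPC events, `allowed` for policy events), so a production handler has to normalize them before alerting. The following is an added example, not AZTP's own code: `outcome`, `createFailureTracker`, `createOnEvent`, the threshold, the window and the alert fields are all assumptions, and the sample events are constructed.

```javascript
// Added example, not AZTP code. Event shapes follow the samples on this page;
// the threshold, window and alert fields are assumptions.

// Identity and RPC events carry data.success; policy events carry data.allowed.
// A missing flag is reported as 'unknown' rather than counted as a failure.
function outcome(event) {
  const data = (event && event.data) || {};
  const flag = event && event.type === 'policy' ? data.allowed : data.success;
  if (flag === true) return 'ok';
  return flag === false ? 'failure' : 'unknown';
}

// record(event) returns an alert once `threshold` failures for one agent fall inside `windowMs`.
function createFailureTracker({ threshold = 3, windowMs = 60000 } = {}) {
  const failures = new Map(); // agentId -> timestamps (ms) of recent failures
  return function record(event) {
    if (outcome(event) !== 'failure') return null;
    const now = new Date(event.timestamp).getTime(); // epoch ms or ISO string
    const recent = (failures.get(event.agentId) || []).filter((t) => now - t < windowMs);
    recent.push(now);
    failures.set(event.agentId, recent);
    if (recent.length < threshold) return null;
    failures.set(event.agentId, []); // one alert per burst
    return { level: 'warning', agentId: event.agentId, count: recent.length, lastType: event.type };
  };
}

// Builds a handler for monitoring.onEvent; errors from notify() are caught and
// logged so a failing alert backend does not propagate out of the handler.
function createOnEvent(notify, options) {
  const record = createFailureTracker(options);
  return async function onEvent(event) {
    try {
      const alert = record(event);
      if (alert) await notify(alert);
    } catch (err) {
      console.error('[monitoring] handler error:', err.message);
    }
  };
}

// Constructed sample events (not real AZTP output).
const T0 = 1704614400000;
const SAMPLES = [
  { type: 'policy', timestamp: T0, agentId: 'finance-agent', data: { action: 'evaluated', allowed: true } },
  { type: 'policy', timestamp: T0 + 1000, agentId: 'finance-agent', data: { action: 'evaluated', allowed: false } },
  { type: 'rpc', timestamp: T0 + 2000, agentId: 'finance-agent', data: { action: 'request_received', method: 'calculate-tax', success: false } },
  { type: 'identity', timestamp: T0 + 3000, agentId: 'finance-agent', data: { action: 'verified', success: false } },
];
```

Pass the result of `createOnEvent(notify)` as `monitoring.onEvent`, where `notify` is your own alerting function.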