Skip to content

Security Event Correlation: Normalised Events & Incident Aggregation Layer #174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wenyupeng merged 3 commits into from
Jan 28, 2026
Merged

Security Event Correlation: Normalised Events & Incident Aggregation Layer #174

wenyupeng merged 3 commits into from
Jan 28, 2026

Conversation

@elanlaw1206
Copy link
Contributor

@elanlaw1206 elanlaw1206 commented Jan 22, 2026

Summary

This PR introduces the foundation for security event correlation by adding a normalised security event model and an initial incident aggregation layer.

The goal of this change is to prepare the backend for correlating related authentication and security events into higher-level incidents, supporting future security analysis and reporting features.

Key Changes

  • Introduced a normalised SecurityEvent model to standardise security telemetry.
  • Added SecurityEventType definitions to unify event classification across sources.
  • Implemented an initial incident aggregation layer to group related security events.
  • Prepared backend logic for future correlation enhancements (confidence scoring, timelines, severity).
  • Changes are backend-only and focused on data modelling and aggregation logic.

Design Notes

  • This PR focuses on correlation foundations rather than end-user reporting.
  • No frontend dependency is introduced.
  • No existing API behaviour is modified.
  • Designed to be extended by later features (e.g. security insights export, dashboards).

Testing / Validation

  • Logic validated through service-level execution and controlled test data.
  • No breaking changes introduced.

Scope

This change is self-contained and safe to merge. It establishes the groundwork for subsequent security insights and reporting features.

Primary contributor: King Hei Law

wenyupeng
wenyupeng reviewed Jan 28, 2026
View reviewed changes
Copy link
Contributor

@wenyupeng wenyupeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code review: pass.

wenyupeng
wenyupeng approved these changes Jan 28, 2026
View reviewed changes
Copy link
Contributor

@wenyupeng wenyupeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code review: pass.

@wenyupeng wenyupeng merged commit 6139d71 into Gopher-Industries:master Jan 28, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wenyupeng wenyupeng wenyupeng approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@elanlaw1206 @wenyupeng