Security Analytics - v1.0.0
Usage
Per-subsystem reference. Each topic is a self-contained surface — you can use any subset without touching the others.
Topics
- Event logging — SecurityEventLogger, automatic Laravel auth event capture, structured security_events
- Anomaly detection — the 8 shipped detectors, baselines, detection service
- Threat intelligence — provider aggregation, IP / URL lookups, indicator caching
- SIEM export — exporter selection, formatters, retry, async export
- Incident response — playbook definitions, the 10 shipped actions
- Alerting — channels, alert rules, alert history
- Reports — on-demand vs scheduled, the 6 report types
- Dashboard — Livewire UI + JSON API endpoints
- Artisan commands — full command reference
Quick reference
// Logging
security_analytics()->logger()->log( type: '...', name: '...', severity: '...', context: [...] );
// Anomaly detection
security_analytics()->detection()->analyze( $event );
// Threat intel lookup
security_analytics()->threats()->lookupIp( '198.51.100.1' );
// Alerting
security_analytics()->alerts()->send( channel: 'slack', message: '...' );
// Reports
security_analytics()->reports()->generate( type: 'executive_summary', from: ..., to: ... );
Or via the Facade — SecurityAnalytics::logger(), SecurityAnalytics::detection(), etc.