Audit and Logging System for Compliance

Created on 2 March 2025, about 1 month ago

Problem/Motivation

FedRAMP and HIPAA require comprehensive audit logging that exceeds Drupal's default capabilities. Drupal 11 needs an enhanced logging system that supports detailed event tracking, secure storage, and compliance reporting.

Steps to reproduce

  1. Review Drupal 11's default logging
  2. Compare to FedRAMP AU controls
  3. Note the gaps in detail, retention, and reporting
  4. Observe lack of security event classification

Proposed resolution

Create a Recipe component for enhanced audit logging:

  • Comprehensive security event capturing
  • Configurable retention policies
  • Tamper-evident log storage
  • External SIEM integration
  • Compliance reporting tools

Remaining tasks

  1. Define event taxonomy for security logging
  2. Implement Recipe-based logging configuration
  3. Create retention management tools
  4. Build reporting interfaces
  5. Develop external integration APIs

User interface changes

  • Enhanced log viewer with security filters
  • Compliance reporting dashboard
  • Log policy management interface

API changes

  • Extended logging services
  • Event subscribers for security actions
  • Report generation APIs

Data model changes

  • Enhanced log storage schema
  • Policy configuration entities
  • Report template storage
🌱 Plan
Status

Needs work

Component

Documentation

Created by

🇺🇸 United States flux423 Portland, Maine
