Roos-fs-ZIP

Description

we need a monitoring system that records all CRUD events in all categories and raises automatic alerts for suspicious activity. Logging covers users, services and their templates, machines, tasks and their templates, customers, vehicle users, locations, and leads, including lead-to-customer conversions. Additionally, we record file and report uploads/downloads, errors, security events, connection breaks, slow operations, and imports in each category.

Expected result:
Monitoring and logging of next main CRUD actions:

• All actions related to user authorization, account, such as account creation, login attempts, failed login attempts, password changes
• All actions related to creating/updating/deleting in users section
• All actions related to creating/updating/deleting in services section, service templates
• All actions related to creating/updating/deleting in vehicles section
• All actions related to creating/updating/deleting in tasks section, including task templates
• All actions related to creating/updating/deleting in customers section
• All actions related to creating/updating/deleting in vehicle users section
• All actions related to creating/updating/deleting in locations section
• All actions related to creating/updating/deleting in leads section, including transition from lead to customer
• All import actions in sections mentioned above

• All file imports for the sections mentioned above
• All file exports for the sections mentioned above

• Errors on actions listed above

- THIS LISTS NEEDS TO BE REVISED -

**Alerts on next events (included, but not limited to): **

• More than N files exported in a single request / within a very short interval ()
• The same report uploaded N + times in a short interval
• Record that’s created or updated but still missing from the DB after 500 ms
• More than N failed login attempts from any user within one minute
• More than N failed logins in total, or N + consecutive failures for the same account
• Any operation whose duration significantly exceeds the normal threshold
• A burst of identical errors in a short time window

Proposal:

• Personal data (email, phone, VIN, tokens) is masked; only hashes or abbreviated values remain in the log.
• Each upload/download of a file or package of files is logged with the size and number.
• The import event contains the number of rows and the number of successful/failed records.
• Any prohibited action or call is logged with the full context and request body size.