/** * Enhanced Security Service Example * * Demonstrates how to integrate performance optimization systems * into existing services using decorators and integration utilities. */ import { AuditOutcome, AuditSeverity } from "../securityAuditLogger"; import { AlertChannel, type MonitoringConfig } from "../securityMonitoring"; import type { Alert, SecurityEvent } from "../types/security"; import { ThreatLevel } from "../types/security"; import { AlertManagementService } from "./AlertManagementService"; import { SecurityEventProcessor } from "./SecurityEventProcessor"; import { ThreatDetectionService } from "./ThreatDetectionService"; /** * Configuration for enhanced security service */ export interface EnhancedSecurityConfig { cacheEnabled: boolean; deduplicationEnabled: boolean; monitoringEnabled: boolean; threatCacheTtl: number; alertCacheTtl: number; } /** * Enhanced Security Service with integrated performance optimizations */ // @PerformanceEnhanced({ // cache: { // enabled: true, // cacheName: "security-cache", // ttl: 10 * 60 * 1000, // 10 minutes // }, // deduplication: { // enabled: true, // deduplicatorName: "security", // ttl: 5 * 60 * 1000, // 5 minutes // }, // monitoring: { // enabled: true, // recordRequests: true, // }, // }) export class EnhancedSecurityService { private eventProcessor: SecurityEventProcessor; private threatDetection: ThreatDetectionService; private alertManager: AlertManagementService; private config: EnhancedSecurityConfig; constructor(config: Partial = {}) { this.config = { cacheEnabled: true, deduplicationEnabled: true, monitoringEnabled: true, threatCacheTtl: 15 * 60 * 1000, // 15 minutes alertCacheTtl: 5 * 60 * 1000, // 5 minutes ...config, }; // Create a default monitoring config for the services const defaultMonitoringConfig: MonitoringConfig = { thresholds: { failedLoginsPerMinute: 5, failedLoginsPerHour: 10, rateLimitViolationsPerMinute: 50, cspViolationsPerMinute: 10, adminActionsPerHour: 20, massDataAccessThreshold: 1000, suspiciousIPThreshold: 5, }, alerting: { enabled: true, channels: [AlertChannel.EMAIL, AlertChannel.WEBHOOK], suppressDuplicateMinutes: 5, escalationTimeoutMinutes: 30, }, retention: { alertRetentionDays: 30, metricsRetentionDays: 90, }, }; this.eventProcessor = new SecurityEventProcessor(); this.threatDetection = new ThreatDetectionService(defaultMonitoringConfig); this.alertManager = new AlertManagementService(defaultMonitoringConfig); } /** * Process security event with caching and deduplication */ // @PerformanceOptimized({ // cache: { enabled: true, ttl: 2 * 60 * 1000 }, // 2 minutes // deduplication: { enabled: true, ttl: 1 * 60 * 1000 }, // 1 minute // monitoring: { enabled: true }, // }) async processSecurityEvent(event: SecurityEvent): Promise<{ processed: boolean; threatLevel: ThreatLevel; alertsTriggered: Alert[]; performanceMetrics: { processingTime: number; cacheHit: boolean; threatAnalysisTime: number; }; }> { const startTime = performance.now(); // Process the event by adding it to the buffer this.eventProcessor.addEvent( event.type as any, // Cast to SecurityEventType AuditOutcome.SUCCESS, // Default outcome { metadata: event.metadata }, AuditSeverity.INFO ); // Analyze threat with caching const threatLevel = await this.analyzeThreatWithCache(event); // Generate alerts if needed const alertsTriggered = await this.generateAlertsIfNeeded( event, threatLevel ); const processingTime = performance.now() - startTime; return { processed: true, // Event was successfully added to buffer threatLevel, alertsTriggered, performanceMetrics: { processingTime, cacheHit: false, // Will be set by caching layer threatAnalysisTime: processingTime * 0.6, // Estimated }, }; } /** * Analyze threat level with advanced caching */ // @Cached("threat-analysis", 15 * 60 * 1000) // 15 minute cache // @Deduplicated("threat-analysis", 5 * 60 * 1000) // 5 minute deduplication // @Monitored("threat-analysis") private async analyzeThreatWithCache( event: SecurityEvent ): Promise { // Convert SecurityEvent to the format expected by ThreatDetectionService const result = await this.threatDetection.detectImmediateThreats( event.type as any, // Cast to SecurityEventType AuditOutcome.SUCCESS, { metadata: event.metadata }, // Cast to AuditLogContext event.metadata ); // Return threat level based on detected threats if (result.threats.length === 0) { return ThreatLevel.LOW; } // Find the highest severity threat const highestSeverity = result.threats.reduce((max, threat) => { const severityOrder = { LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 }; const current = severityOrder[threat.severity as keyof typeof severityOrder] || 1; const maxVal = severityOrder[max as keyof typeof severityOrder] || 1; return current > maxVal ? threat.severity : max; }, "LOW" as any); // Map AlertSeverity to ThreatLevel switch (highestSeverity) { case "CRITICAL": return ThreatLevel.CRITICAL; case "HIGH": return ThreatLevel.HIGH; case "MEDIUM": return ThreatLevel.MEDIUM; default: return ThreatLevel.LOW; } } /** * Generate alerts with intelligent caching */ // @PerformanceOptimized({ // cache: { // enabled: true, // ttl: 5 * 60 * 1000, // keyGenerator: (event: SecurityEvent, threatLevel: ThreatLevel) => // `alerts:${event.type}:${event.severity}:${threatLevel}`, // }, // monitoring: { enabled: true }, // }) private async generateAlertsIfNeeded( _event: SecurityEvent, threatLevel: ThreatLevel ): Promise { if (threatLevel === ThreatLevel.LOW) { return []; } // Generate alerts based on threat level and event // For now, return empty array as this is a mock implementation // In a real implementation, you would create appropriate alerts return []; } /** * Get security metrics with heavy caching */ // @Cached("security-metrics", 5 * 60 * 1000) // 5 minute cache // @Monitored("security-metrics") async getSecurityMetrics(timeRange: { start: Date; end: Date }): Promise<{ totalEvents: number; threatDistribution: Record; alertCounts: Record; performanceStats: { avgProcessingTime: number; cacheHitRate: number; deduplicationRate: number; }; }> { // This would typically involve expensive database queries const events = await this.getSecurityEvents(timeRange); const metrics = { totalEvents: events.length, threatDistribution: this.calculateThreatDistribution(events), alertCounts: await this.getAlertCounts(timeRange), performanceStats: { avgProcessingTime: 150, // ms cacheHitRate: 0.75, deduplicationRate: 0.45, }, }; return metrics; } /** * Bulk process events with intelligent batching and caching */ // @PerformanceOptimized({ // deduplication: { // enabled: true, // ttl: 2 * 60 * 1000, // keyGenerator: (events: SecurityEvent[]) => // `bulk:${events.length}:${events // .map((e) => e.id) // .sort() // .join(",") // .substring(0, 50)}`, // }, // monitoring: { enabled: true }, // }) async bulkProcessEvents(events: SecurityEvent[]): Promise<{ results: Array<{ eventId: string; processed: boolean; threatLevel: ThreatLevel; processingTime: number; }>; summary: { totalProcessed: number; avgProcessingTime: number; threatLevelCounts: Record; }; }> { const startTime = performance.now(); const results: Array<{ eventId: string; processed: boolean; threatLevel: ThreatLevel; processingTime: number; }> = []; const threatLevelCounts: Record = { [ThreatLevel.LOW]: 0, [ThreatLevel.MEDIUM]: 0, [ThreatLevel.HIGH]: 0, [ThreatLevel.CRITICAL]: 0, }; // Process events in batches for better performance const batchSize = 10; for (let i = 0; i < events.length; i += batchSize) { const batch = events.slice(i, i + batchSize); const batchResults = await this.processBatch(batch); results.push(...batchResults); // Update counts batchResults.forEach((result) => { threatLevelCounts[result.threatLevel]++; }); } const totalTime = performance.now() - startTime; return { results, summary: { totalProcessed: results.length, avgProcessingTime: totalTime / results.length, threatLevelCounts, }, }; } /** * Get real-time security status with aggressive caching */ // @Cached("security-status", 30 * 1000) // 30 second cache for real-time data // @Monitored("security-status") async getSecurityStatus(): Promise<{ status: "SECURE" | "WARNING" | "CRITICAL"; activeThreats: number; recentAlerts: Alert[]; systemHealth: { eventProcessingRate: number; avgResponseTime: number; errorRate: number; }; }> { const [activeThreats, recentAlerts, systemHealth] = await Promise.all([ this.getActiveThreatsCount(), this.getRecentAlerts(10), this.getSystemHealthMetrics(), ]); const status = activeThreats > 5 ? "CRITICAL" : activeThreats > 2 ? "WARNING" : "SECURE"; return { status, activeThreats, recentAlerts, systemHealth, }; } /** * Search security events with intelligent caching based on query patterns */ // @PerformanceOptimized({ // cache: { // enabled: true, // ttl: 10 * 60 * 1000, // 10 minutes // keyGenerator: (query: Record) => `search:${JSON.stringify(query)}`, // }, // deduplication: { // enabled: true, // ttl: 5 * 60 * 1000, // }, // }) async searchSecurityEvents(query: { eventType?: string; severity?: string; timeRange?: { start: Date; end: Date }; ipAddress?: string; limit?: number; }): Promise<{ events: SecurityEvent[]; total: number; aggregations: { byType: Record; bySeverity: Record; byHour: Record; }; }> { // This represents an expensive search operation const events = await this.performSearch(query); const aggregations = this.calculateAggregations(events); return { events: events.slice(0, query.limit || 100), total: events.length, aggregations, }; } // Private helper methods (would be implemented based on actual data access) private async getSecurityEvents(_timeRange: { start: Date; end: Date; }): Promise { // Mock implementation return []; } private calculateThreatDistribution( _events: SecurityEvent[] ): Record { return { [ThreatLevel.LOW]: 0, [ThreatLevel.MEDIUM]: 0, [ThreatLevel.HIGH]: 0, [ThreatLevel.CRITICAL]: 0, }; } private async getAlertCounts(_timeRange: { start: Date; end: Date; }): Promise> { return {}; } private async processBatch(events: SecurityEvent[]): Promise< Array<{ eventId: string; processed: boolean; threatLevel: ThreatLevel; processingTime: number; }> > { return events.map((event) => ({ eventId: event.id, processed: true, threatLevel: ThreatLevel.LOW, processingTime: Math.random() * 100 + 50, })); } private async getActiveThreatsCount(): Promise { return Math.floor(Math.random() * 10); } private async getRecentAlerts(_limit: number): Promise { return []; } private async getSystemHealthMetrics() { return { eventProcessingRate: 150, avgResponseTime: 75, errorRate: 0.02, }; } private async performSearch( _query: Record ): Promise { // Mock search implementation return []; } private calculateAggregations(_events: SecurityEvent[]) { return { byType: {}, bySeverity: {}, byHour: {}, }; } } // Example usage and factory function export function createEnhancedSecurityService( config?: Partial ) { return new EnhancedSecurityService(config); } // Export a default enhanced instance export const securityService = createEnhancedSecurityService({ cacheEnabled: true, deduplicationEnabled: true, monitoringEnabled: true, threatCacheTtl: 15 * 60 * 1000, alertCacheTtl: 5 * 60 * 1000, });