Commit 40109a5

documentation
1 parent 46639a0 commit 40109a5

1 file changed

+23
-23
lines changed

README.md

Lines changed: 23 additions & 23 deletions
@@ -1,18 +1,4 @@
1-
## Overview
2-
3-
[![CI](https://github.com/stuartasiimwe7/cloud-security-monitoring-api/actions/workflows/ci.yml/badge.svg)](https://github.com/stuartasiimwe7/cloud-security-monitoring-api/actions/workflows/ci.yml)
4-
5-
Quick curl
6-
```bash
7-
# token
8-
TOKEN=$(curl -s -X POST http://localhost:3000/auth/dev-token | jq -r .access_token)
9-
10-
# ingest
11-
curl -H "Authorization: Bearer $TOKEN" http://localhost:3000/aws-security/fetch-events
12-
13-
# query stored
14-
curl -H "Authorization: Bearer $TOKEN" "http://localhost:3000/aws-security/db-events?limit=20"
15-
```
1+
## Overview [![CI](https://github.com/stuartasiimwe7/cloud-security-monitoring-api/actions/workflows/ci.yml/badge.svg)](https://github.com/stuartasiimwe7/cloud-security-monitoring-api/actions/workflows/ci.yml)
162

173
### Background
184
- Cloud environments generate high-volume, high-velocity activity logs (for example, AWS CloudTrail) across many accounts and regions.
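Review bot: new line 1 puts the CI badge on the same line as `## Overview`, so the badge markup becomes part of the heading text. Keep `## Overview` on its own line and leave the badge on the line below it, as it was on removed line 3.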
@@ -32,13 +18,13 @@ curl -H "Authorization: Bearer $TOKEN" "http://localhost:3000/aws-security/db-ev
3218
- `SecurityEvent` (`jsonb` `userIdentity`, `eventDetails`).
3319
- `CloudTrailEvent` for raw event capture and parity checks.
3420
- Uses AWS SDK v3 to query CloudTrail; TypeORM to persist; `ConfigModule` for environment-based configuration.
35-
- Exposed REST endpoints:
36-
- `GET /aws-security/fetch-events`: pull and store recent CloudTrail activity.
37-
- `GET /aws-security/events`: read recent events directly from AWS.
38-
- `GET /aws-security/db-events`: query stored events with filters/pagination.
39-
- `POST /cloudtrail/test`: save provided event payload and auto-flag security-relevant ones.
40-
- Added JWT auth (Bearer) for non-health endpoints and global validation.
41-
- Added scheduled ingestion (every 10 minutes) to persist CloudTrail events.
21+
- REST endpoints:
22+
- `GET /aws-security/fetch-events`
23+
- `GET /aws-security/events`
24+
- `GET /aws-security/db-events`
25+
- `POST /cloudtrail/test`
26+
- There's WT auth for non-health endpoints and global validation.
27+
- There's scheduled ingestion (every 10 minutes) to persist CloudTrail events.
4228

4329
### Result
4430
- An API-first security monitoring layer that:
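Review bot: new line 26 reads "There's WT auth", which drops the "J" from the "JWT auth (Bearer)" wording on removed line 40; restore it as "JWT auth (Bearer)" so readers know which scheme protects the non-health endpoints. New lines 22-25 also drop the one-line description of each endpoint, so the README no longer says which routes store data (`GET /aws-security/fetch-events`, `POST /cloudtrail/test`) and which only read; consider keeping those descriptions.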
@@ -106,7 +92,21 @@ curl -H "Authorization: Bearer $(cat token.txt)" "http://localhost:3000/aws-secu
10692
- **Cloud SDKs**: AWS SDK (CloudTrail, IAM)
10793
- **Database**: PostgreSQL
10894

109-
## Installation
95+
## Want to replicate?
96+
97+
Quick curl
98+
```bash
99+
# token
100+
TOKEN=$(curl -s -X POST http://localhost:3000/auth/dev-token | jq -r .access_token)
101+
102+
# ingest
103+
curl -H "Authorization: Bearer $TOKEN" http://localhost:3000/aws-security/fetch-events
104+
105+
# query stored
106+
curl -H "Authorization: Bearer $TOKEN" "http://localhost:3000/aws-security/db-events?limit=20"
107+
```
108+
### Installation
109+
110110
Clone the repository:
111111
```bash
112112
git clone https://github.com/stuartasiimwe7/cloud-security-monitoring-api.git
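Review bot: the Quick curl block at new lines 97-107 obtains a bearer token from `POST /auth/dev-token` without sending any credentials, and nothing in the visible lines says the endpoint is meant for local development only. Add a sentence under "Want to replicate?" stating when that endpoint is available and that it should not be reachable outside a development setup. Also, new line 108 (`### Installation`) follows the closing fence on line 107 with no blank line, and "Quick curl" on line 97 is plain text rather than a heading; a blank line and a `###` heading would match the rest of the section.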
