Audit Service Architecture
The Audit Service records a comprehensive audit trail for all operations across the MATIH platform. It listens on port 8086 and captures, indexes, and stores audit events. On top of that store it offers full-text search via Elasticsearch, real-time streaming over WebSocket, SIEM integration, compliance reporting, GDPR data subject request handling, configurable retention policies, and alerting on suspicious activity patterns.
Service Overview
| Property | Value |
|---|---|
| Service Name | audit-service |
| Port | 8086 |
| Technology | Spring Boot 3.2, Java 21 |
| Database | PostgreSQL (JPA/Hibernate) |
| Search | Elasticsearch (full-text indexing) |
| Streaming | Kafka (async event ingestion), WebSocket (real-time) |
| Resilience | Resilience4j (circuit breakers) |
| Scheduling | Leader election for retention jobs |
| API Documentation | OpenAPI 3.0 (Swagger) |
Controllers
| Controller | Base Path | Purpose |
|---|---|---|
| AuditController | /api/v1/audit | Audit event CRUD, search, time-range queries |
| AuditAnalyticsController | /api/v1/audit/analytics | Dashboard metrics, time series, anomaly detection |
| AuditDashboardController | /api/v1/audit/dashboard | Dashboard views |
| ComplianceReportController | /api/v1/audit/reports | SOC 2, GDPR, security summary reports |
| DataAccessReportController | /api/v1/audit/data-access | Data access reports and anomaly detection |
| GdprController | /api/v1/gdpr | GDPR data subject requests |
| SiemController | /api/v1/audit/siem | SIEM integration management |
| RetentionPolicyController | /api/v1/audit/retention | Retention policy CRUD and execution |
| AuditStreamingController | -- (no REST base path) | WebSocket real-time audit stream |
| AuditExportController | -- (no REST base path) | Audit data export operations |
| ArchivalController | -- (no REST base path) | Audit data archival management |
| HealthController | /health | Health and readiness probes |
Event Types
| Category | Event Types |
|---|---|
| Authentication | LOGIN, LOGOUT, LOGIN_FAILED, PASSWORD_CHANGE, PASSWORD_RESET, TOKEN_REFRESH |
| CRUD | CREATE, READ, UPDATE, DELETE |
| Administrative | PERMISSION_GRANT, PERMISSION_REVOKE, ROLE_ASSIGN, ROLE_UNASSIGN, CONFIG_CHANGE |
| System | SYSTEM_START, SYSTEM_STOP, SCHEDULED_TASK |
| Data | DATA_EXPORT, DATA_IMPORT, DATA_ACCESS |
| Security | SECURITY_ALERT, ACCESS_DENIED, RATE_LIMIT_EXCEEDED |
| API | API_CALL, WEBHOOK_SENT |
| Tenant | TENANT_PROVISIONED, TENANT_SUSPENDED, TENANT_ACTIVATED |
Security
All endpoints require a valid JWT. Token validation is done by a Spring Security filter, JwtAuthenticationFilter, which runs before any controller so that an unauthenticated or invalid request never reaches audit data.
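The checks such a filter has to make are easy to get wrong, so here is an added example of a JwtAuthenticationFilter for Spring Boot 3.2 / Java 21. It is illustration code written for this page, not the MATIH project's own class. It assumes spring-boot-starter-oauth2-resource-server on the classpath (for NimbusJwtDecoder), an HS256 shared secret, and claim names (roles, aud, the issuer string) that are assumptions; the page does not say how the platform signs its tokens.

```java
package com.example.audit.security; // hypothetical package, not the project's

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Validates the Bearer JWT on every request before any controller runs.
 * Added illustration of what such a filter should check; not the MATIH project's own class.
 */
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    private static final String BEARER = "Bearer ";

    private final NimbusJwtDecoder decoder;

    /**
     * @param hmacSecret shared HS256 key (assumed signing scheme); Nimbus refuses keys shorter than 32 bytes
     * @param issuer     expected "iss" claim, e.g. the platform's auth service (assumed)
     * @param audience   expected entry in the "aud" claim, e.g. "audit-service" (assumed)
     */
    public JwtAuthenticationFilter(String hmacSecret, String issuer, String audience) {
        SecretKey key = new SecretKeySpec(hmacSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        // Pinning the MAC algorithm prevents "alg" confusion: a token whose header claims
        // anything other than HS256 (including "none") fails verification.
        this.decoder = NimbusJwtDecoder.withSecretKey(key).macAlgorithm(MacAlgorithm.HS256).build();
        // The default validator checks exp/nbf (with a small clock skew) and "iss"; the
        // audience check is added so a token minted for another MATIH service is refused here.
        OAuth2TokenValidator<Jwt> audienceValidator = new JwtClaimValidator<List<String>>(
                "aud", aud -> aud != null && aud.contains(audience));
        this.decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(issuer), audienceValidator));
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, BEARER, 0, BEARER.length())) {
            // No credential presented. Only the Authorization header is consulted: tokens in
            // query strings or cookies end up in access logs and Referer headers. The request
            // continues unauthenticated and the SecurityFilterChain's authorization rules
            // answer 401 for every protected route.
            chain.doFilter(request, response);
            return;
        }
        String token = header.substring(BEARER.length()).trim();
        try {
            Jwt jwt = decoder.decode(token); // signature, alg, exp/nbf, iss and aud are all verified here
            List<String> roles = jwt.getClaimAsStringList("roles"); // assumed claim name
            List<GrantedAuthority> authorities = roles == null ? List.of()
                    : roles.stream().<GrantedAuthority>map(r -> new SimpleGrantedAuthority("ROLE_" + r)).toList();
            UsernamePasswordAuthenticationToken auth =
                    new UsernamePasswordAuthenticationToken(jwt.getSubject(), null, authorities);
            SecurityContextHolder.getContext().setAuthentication(auth);
            chain.doFilter(request, response);
        } catch (JwtException e) {
            // Expired, tampered, wrong issuer/audience or unparsable: fail closed with a bare 401.
            // Record the reason server-side (an ACCESS_DENIED audit event fits); never echo
            // e.getMessage() to the caller, it tells an attacker which check they tripped.
            SecurityContextHolder.clearContext();
            response.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}
```

The filter is registered in the SecurityFilterChain with addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class) and combined with authorizeHttpRequests rules that deny anonymous access to the audit paths; the filter alone only establishes identity, it does not decide authorization. The two design choices worth keeping whatever signing scheme the platform actually uses are the pinned algorithm and the audience check: without them a token signed for a different service, or with a downgraded algorithm, can read the audit trail.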
Next Steps
- Audit Events -- creating and querying events
- Search -- full-text search via Elasticsearch
- Analytics -- dashboards, time series, anomaly detection
- Compliance Reports -- SOC 2, GDPR, security reports
- GDPR -- data subject request management
- SIEM Integration -- Splunk, Datadog, Elasticsearch
- Retention Policies -- data lifecycle management
- API Reference -- complete endpoint listing