Skip to Content

Comprehensive documentation to help you get started and make the most of this feature.

Launchpanel - Laravel Admin Panel & Dynamic Website Starter Kit Updated 2 days ago

Security Events

10 min read
Updated 2 days ago

Security Events

Overview

The Security Events module provides real-time monitoring and logging of security-related activities in your admin panel. It tracks failed login attempts, account lockouts, permission changes, suspicious activities, and other security-relevant events. This module helps you identify potential security threats, investigate incidents, and maintain awareness of your system's security posture.

Unlike audit logs which track all administrative actions, security events focus specifically on activities that may indicate security concerns or require immediate attention.

Accessing Security Events

Navigation path: Dashboard > Security > Events

Required permission: security.events.view

Key Features

  • Real-time Event Monitoring: Track security events as they occur
  • Severity Classification: Events categorized by severity (Critical, High, Medium, Low)
  • Dashboard Statistics: Quick overview of recent security activity
  • Event Filtering: Filter by type, severity, date, and user
  • Detailed Event Information: View complete details including metadata
  • Alert Notifications: Automatic alerts for critical events (if configured)
  • Event Management: Delete old or resolved events

Main Interface

Dashboard Statistics

Four cards at the top provide quick insights:

  1. Critical Events (24h): Number of critical severity events in the last 24 hours
  2. High Events (24h): Number of high severity events in the last 24 hours
  3. Failed Logins (Today): Total failed login attempts today
  4. Locked Accounts: Number of currently locked accounts

These statistics help you quickly assess if there are any immediate security concerns.

Filter Section

Filter events by:

  • Event Type: Failed login, account locked, permission change, suspicious activity
  • Severity: Critical, high, medium, low
  • From Date: Show events from this date forward

Events Table

The main table displays security events with the following columns:

  • Time: When the event occurred (YYYY-MM-DD HH:MM:SS format)
  • Event Type: Category of the security event
  • Severity: Color-coded severity badge
  • User: User associated with the event (if applicable)
  • IP Address: Source IP address
  • Description: Brief description of the event
  • Actions: View details button

Severity Badges

Events are color-coded by severity:

  • Red (Critical): Immediate attention required
  • Orange (High): Important security concern
  • Yellow (Medium): Notable event requiring review
  • Blue (Low): Informational security event

Event Types

Failed Login

Description: Someone attempted to log in with incorrect credentials

Severity: Low to Medium (escalates with repeated attempts)

Common Causes:

  • User forgot password
  • Typo in password
  • Brute force attack attempt
  • Credential stuffing attack

What to Check:

  • Number of attempts from same IP
  • Multiple usernames from same IP
  • Pattern of attempts (automated vs. manual)
  • Geographic location of IP

Account Locked

Description: An account was automatically locked due to failed login attempts

Severity: Medium to High

Common Causes:

  • Exceeded maximum failed login attempts
  • User forgot password and kept trying
  • Automated attack triggered lockout

What to Do:

  • Verify the user is legitimate
  • Check for attack patterns
  • Unlock account if legitimate user
  • Investigate if suspicious

Permission Change

Description: User permissions or roles were modified

Severity: Medium to High

Common Causes:

  • Administrator updated user permissions
  • Role assignments changed
  • Privilege escalation attempt (if unauthorized)

What to Check:

  • Who made the change
  • What permissions were added/removed
  • Whether the change was authorized
  • If the user requested the change

Suspicious Activity

Description: Unusual behavior detected that may indicate a security threat

Severity: High to Critical

Examples:

  • Multiple failed 2FA attempts
  • Access from unusual location
  • Rapid succession of actions
  • Attempts to access restricted resources
  • SQL injection attempts
  • XSS attempts

What to Do:

  • Investigate immediately
  • Review related audit logs
  • Consider disabling affected accounts
  • Check for data breaches
  • Update security measures

Common Tasks

Task 1: Viewing Recent Security Events

  1. Navigate to Dashboard > Security > Events
  2. Review the dashboard statistics for any concerning numbers
  3. Scroll through the events table
  4. Look for patterns or unusual activity
  5. Click View on any event for more details

Result: You can see recent security activity at a glance.

Task 2: Investigating Failed Login Attempts

  1. Navigate to Dashboard > Security > Events
  2. In the filter section, select Event Type: "Failed Login"
  3. Click Filter
  4. Review the list of failed attempts
  5. Look for:
    • Multiple attempts from the same IP
    • Attempts on multiple accounts from one IP
    • Geographic patterns
  6. Click View on suspicious entries for details

Result: You can identify potential brute force attacks or users having trouble logging in.

Task 3: Filtering Critical Events

  1. Navigate to Dashboard > Security > Events
  2. In the filter section, select Severity: "Critical"
  3. Click Filter
  4. Review all critical events
  5. Investigate each one thoroughly
  6. Take appropriate action based on findings

Result: You can focus on the most serious security concerns.

Task 4: Viewing Event Details

  1. Navigate to Dashboard > Security > Events
  2. Find the event you want to examine
  3. Click View in the Actions column
  4. Review the detailed information:
    • Event type and severity
    • Exact timestamp
    • User information (name, email)
    • IP address
    • User agent (browser/device)
    • Full description
    • Metadata (additional technical details)
    • Notification status

Result: You have complete information about the security event.

Task 5: Investigating a Specific User's Security Events

  1. Navigate to Dashboard > Security > Events
  2. Scroll through the table or use filters
  3. Look for events associated with the specific user
  4. Review their security-related activities
  5. Check for patterns or concerns

Result: You can see all security events related to a particular user.

Note: Currently there's no user filter, but you can search visually or check audit logs for more detailed user activity.

Task 6: Monitoring Events from a Specific IP

  1. Navigate to Dashboard > Security > Events
  2. Scan the IP Address column for the target IP
  3. Review all events from that IP
  4. Look for suspicious patterns
  5. Consider adding IP to whitelist or blacklist

Result: You can track activity from a specific IP address.

Task 7: Reviewing Events from a Date Range

  1. Navigate to Dashboard > Security > Events
  2. In the filter section, set From Date to your start date
  3. Click Filter
  4. Review events from that date forward
  5. Look for trends or incidents

Result: You can analyze security events over a specific time period.

Task 8: Deleting Old Security Events

  1. Navigate to Dashboard > Security > Events
  2. Find an event you want to delete
  3. Click View to open the event details
  4. Scroll to the bottom
  5. Click Delete Event
  6. Confirm the deletion

Result: The security event is permanently removed.

Note: Only delete events that have been fully investigated and resolved. Keep events for compliance and historical analysis.

Event Details Page

When you view an event, you'll see:

Event Information Section

  • Event Type: Category of the event
  • Severity: Severity level with color-coded badge
  • Date & Time: Exact timestamp
  • IP Address: Source IP

User Information Section

  • User: Name and email (if applicable)
  • User Agent: Browser and device information
  • Notified: Whether alerts were sent and when

Description

Full description of what happened

Metadata

Technical details in JSON format, may include:

  • Request details
  • Error messages
  • Stack traces
  • Additional context

Severity Levels

Critical

Definition: Immediate security threat requiring urgent action

Examples:

  • Multiple failed 2FA attempts
  • Successful privilege escalation
  • Data breach detected
  • SQL injection attempt
  • Unauthorized access to sensitive data

Response: Investigate immediately, take defensive action

High

Definition: Significant security concern requiring prompt attention

Examples:

  • Account locked due to failed attempts
  • Unauthorized permission changes
  • Access from suspicious location
  • Multiple failed login attempts
  • Unusual activity patterns

Response: Investigate within hours, monitor closely

Medium

Definition: Notable security event requiring review

Examples:

  • Permission changes (authorized)
  • Failed login attempts (few)
  • Password changes
  • 2FA setup/removal
  • Access from new location

Response: Review during regular security checks

Low

Definition: Informational security event

Examples:

  • Single failed login
  • Successful 2FA verification
  • Normal permission checks
  • Routine security validations

Response: Monitor for patterns, no immediate action needed

Permissions

The following permissions control access to security events:

  • security.events.view: Can view security events
  • security.events.delete: Can delete security events
  • security.events.manage: Full access to security events

Note: Access should be limited to security administrators and senior staff.

Tips and Best Practices

Daily Monitoring

  • Check the dashboard statistics every day
  • Review critical and high severity events immediately
  • Look for unusual patterns or spikes
  • Investigate any locked accounts
  • Monitor failed login attempts

Pattern Recognition

  • Watch for multiple failed logins from same IP
  • Look for attempts on multiple accounts
  • Notice access from unusual locations
  • Identify time-based patterns (attacks often occur at night)
  • Track escalating severity levels

Incident Response

  • Document all security incidents
  • Take screenshots of relevant events
  • Export related audit logs
  • Notify appropriate personnel
  • Follow your incident response plan
  • Update security measures based on findings

Alert Configuration

  • Configure alerts in Security Settings
  • Set appropriate thresholds for notifications
  • Use multiple alert channels (email, database)
  • Test alert delivery regularly
  • Ensure alerts go to monitored addresses

Event Retention

  • Keep security events for compliance period
  • Export and archive old events
  • Delete only after thorough investigation
  • Maintain separate backup of critical events
  • Document retention policy

Integration with Other Tools

  • Cross-reference with audit logs
  • Check IP addresses in IP whitelist
  • Review user accounts in user management
  • Correlate with system logs
  • Use external threat intelligence

Troubleshooting

Problem: Too Many False Positives

Solution:

  1. Review and adjust severity thresholds in Security Settings
  2. Whitelist known safe IPs
  3. Adjust failed login thresholds
  4. Fine-tune suspicious activity detection
  5. Document known patterns to ignore

Problem: Missing Expected Events

Solution:

  1. Verify security monitoring is enabled in Security Settings
  2. Check that event logging is working
  3. Review application logs for errors
  4. Verify database connectivity
  5. Check that the event type is being tracked

Problem: Not Receiving Alerts

Solution:

  1. Verify alert configuration in Security Settings
  2. Check that monitoring is enabled
  3. Verify email addresses are correct
  4. Test mail configuration
  5. Check spam/junk folders
  6. Review application logs for email errors

Problem: Can't Determine if Event is Legitimate

Solution:

  1. Check audit logs for related actions
  2. Contact the user to verify activity
  3. Review IP address location
  4. Check user agent for device information
  5. Look at timing and patterns
  6. When in doubt, investigate further

Problem: Overwhelming Number of Events

Solution:

  1. Use filters to focus on high/critical events
  2. Adjust thresholds to reduce noise
  3. Whitelist known safe IPs
  4. Set up automated alerts for critical events only
  5. Review and clean up old events regularly
  6. Consider implementing rate limiting

Problem: Can't Delete Events

Solution:

  1. Verify you have security.events.delete permission
  2. Check if event is locked or protected
  3. Review application logs for errors
  4. Try refreshing the page
  5. Contact system administrator

Related Modules

Need More Help?

Our comprehensive documentation covers everything from basic setup to advanced configurations. Check out these additional resources:

Was this helpful?

Let us know if you found this documentation useful.