Security & SIEM
Continuous SIEM delivery from the append-only audit log. Sinks are opt-in via env vars; failures retry up to 3× with backoff and never block /api/*. PHI minimisation: only ids + action codes + timestamps + integrity hash are exported. DetailsJson is intentionally excluded.
JSON array of CIDR strings (IPv4 + IPv6). ANDed with the global RADIOPAD_IP_ALLOWLIST envvar. Loopback (127.0.0.1, ::1) is always allowed. X-Forwarded-For is honoured only when RADIOPAD_TRUST_FORWARDED_FOR=1.
Active: — (none configured)
Active limits (60-second fixed window):
- Per-IP: 100 req/min (override
RADIOPAD_RATE_LIMIT_IP_PER_MIN) - Per-tenant: 5000 req/min (override
RADIOPAD_RATE_LIMIT_TENANT_PER_MIN) - Bypass:
/api/health,/api/health/ready, loopback
Rejections return RFC-7807 problem+json with kind: "rate_limited" and a Retry-After header.
Latest 50 entries from the anomaly detector (audit action SecurityAlert).
No alerts in the audit window.
Anomaly detector POSTs JSON to RADIOPAD_SECURITY_WEBHOOK_URL with an X-RadioPad-Signature: sha256=<hex> HMAC header derived from RADIOPAD_SECURITY_WEBHOOK_SECRET. The secret is never echoed back in responses or audit rows.
In-process synthetic monitor. Probes the listed health endpoints every RADIOPAD_AVAILABILITY_PROBE_INTERVAL_SEC seconds and maintains a 5-minute rolling failure window. Burn-rate breaches above the configured threshold append a SystemAlert audit row with kind=availability_burn_rate.
Loading…
Loading…
Continuous SIEM delivery is the default. For ad-hoc compliance pulls use the snapshot endpoint GET /api/audit/siem?format=json|cef.