From prodsec-skills
Enforces audit logging for AI systems accessing sensitive external data sources. Covers what to log, transport protocols, and safety rules to prevent secrets/PII leakage.
Slash command: /prodsec-skills:logging
If the data contained and served by external data sources is sensitive, accesses to them MUST be logged. The product SHOULD have the functionality to send these events to an external logging facility using industry standards.
| Event | Details to Capture |
|---|---|
| Data access | Who accessed what data, when, from where |
| Data modification | Who modified what data, what changed |
| Access denial | Failed access attempts (authentication or authorization failures) |
| Bulk operations | Large data exports or queries |
| Connection events | Connection establishment and teardown |
| Schema changes | Structural changes to data sources |

| Requirement | Details |
|---|---|
| External logging facility | Logs must be sendable to an external SIEM or logging platform |
| Industry standard protocols | Use syslog, OTLP, Fluentd, or equivalent |
| Structured format | JSON with consistent field names |
| Principal identity | Every log entry includes the authenticated principal |
| Configurable | Customers must be able to configure the external log destination |
| Non-repudiation | Logs should not be modifiable by the application |

| Rule | Rationale |
|---|---|
| No secrets in logs | Credentials, API keys, and session tokens must never appear in log output |
| No PII in logs | Personally identifiable information creates compliance and privacy risks |
| No session identifiers | Session IDs in logs can enable session hijacking |
| Log injection prevention | Untrusted input in logs can exploit log viewers (XSS, RCE in parsers); sanitize all values before logging |
| Trusted system logging | Logging controls must run on a trusted system (server-side), not client-side |

Log both success and failure of security events:
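
An added Python example, not part of the skill itself, showing how the rules in the tables above can be combined: one JSON line per event with the principal and outcome, secret and session values redacted, and control characters stripped from untrusted input. The field names, the `SENSITIVE_KEYS` deny-list and the `audit_event` helper are assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Assumed deny-list of detail keys whose values must never reach the log.
SENSITIVE_KEYS = {"password", "api_key", "token", "session_id", "authorization"}
OUTCOMES = {"success", "failure"}
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF, ESC and other control bytes


def _clean(value, limit=256):
    """Neutralise untrusted text: drop control characters, cap the length."""
    if isinstance(value, (int, float, bool)) or value is None:
        return value
    return _CONTROL.sub(" ", str(value))[:limit]


def audit_event(principal, event, resource, outcome, source_ip, details=None):
    """Return one JSON line describing a data-source access (who/what/when/where)."""
    if not principal:
        raise ValueError("audit entries require an authenticated principal")
    if outcome not in OUTCOMES:
        raise ValueError(f"outcome must be one of {sorted(OUTCOMES)}")
    safe_details = {}
    for key, value in (details or {}).items():
        key = _clean(str(key))
        redact = key.lower() in SENSITIVE_KEYS
        safe_details[key] = "[REDACTED]" if redact else _clean(value)
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "principal": _clean(principal),
        "event": _clean(event),
        "resource": _clean(resource),
        "outcome": outcome,
        "source_ip": _clean(source_ip),
        "details": safe_details,
    }
    # sort_keys keeps field order stable; json.dumps escapes quotes and backslashes.
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample events: an allowed read, then a denied read with hostile input.
    print(audit_event("svc-rag", "data_access", "crm.customers",
                      "success", "10.0.0.5", {"rows": 12}))
    print(audit_event("user-4821", "access_denial",
                      'crm.customers\n{"principal":"admin","outcome":"success"}',
                      "failure", "10.0.0.9", {"session_id": "abc123", "reason": "no grant"}))
```

The returned line can be handed to whichever transport the deployment configures (syslog, OTLP, Fluentd); a log viewer must still encode values for its own output context when it renders them.
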
npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills

Guides structured security logging for auth flows, admin actions, and access denials to enable detection, forensics, and incident response.
Logs security-relevant events (who, what, when, where, outcome) in a structured, tamper-evident format for real-time detection and forensic reconstruction. Use when designing audit infrastructure or preparing for SOC2, HIPAA, or PCI-DSS compliance.
Enforces centralized security logging for model registries. Covers events to log, structured JSON format, standard protocols, and implementation checklist.