Updates

ETB-API/security/migrations/0001_initial.py

@@ -0,0 +1,168 @@
+# Generated by Django 5.2.6 on 2025-09-18 14:49
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+import django.db.models.deletion
+import django.utils.timezone
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AccessPolicy',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100, unique=True)),
+                ('description', models.TextField()),
+                ('policy_type', models.CharField(choices=[('ALLOW', 'Allow'), ('DENY', 'Deny')], max_length=10)),
+                ('conditions', models.JSONField(help_text='JSON conditions for policy evaluation')),
+                ('resource_type', models.CharField(blank=True, max_length=100)),
+                ('actions', models.JSONField(default=list, help_text='List of actions this policy applies to')),
+                ('priority', models.IntegerField(default=100, help_text='Lower numbers have higher priority')),
+                ('is_active', models.BooleanField(default=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+            options={
+                'verbose_name_plural': 'Access Policies',
+                'ordering': ['priority', 'name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='DataClassification',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(choices=[('PUBLIC', 'Public'), ('INTERNAL', 'Internal'), ('CONFIDENTIAL', 'Confidential'), ('RESTRICTED', 'Restricted'), ('TOP_SECRET', 'Top Secret')], max_length=20, unique=True)),
+                ('level', models.IntegerField(help_text='Numeric level for comparison (higher = more sensitive)', unique=True)),
+                ('description', models.TextField()),
+                ('color_code', models.CharField(default='#000000', help_text='Hex color code for UI', max_length=7)),
+                ('requires_clearance', models.BooleanField(default=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+            options={
+                'verbose_name': 'Data Classification',
+                'verbose_name_plural': 'Data Classifications',
+                'ordering': ['level'],
+            },
+        ),
+        migrations.CreateModel(
+            name='SSOProvider',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100, unique=True)),
+                ('provider_type', models.CharField(choices=[('SAML', 'SAML'), ('OAUTH2', 'OAuth 2.0'), ('OIDC', 'OpenID Connect'), ('LDAP', 'LDAP')], max_length=20)),
+                ('is_active', models.BooleanField(default=True)),
+                ('configuration', models.JSONField(default=dict)),
+                ('attribute_mapping', models.JSONField(default=dict, help_text='Mapping of SSO attributes to user fields')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100, unique=True)),
+                ('description', models.TextField()),
+                ('is_active', models.BooleanField(default=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('data_classification_access', models.ManyToManyField(blank=True, help_text='Maximum data classification level this role can access', to='security.dataclassification')),
+                ('permissions', models.ManyToManyField(blank=True, to='auth.permission')),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('employee_id', models.CharField(blank=True, max_length=50, null=True, unique=True)),
+                ('department', models.CharField(blank=True, max_length=100)),
+                ('attributes', models.JSONField(blank=True, default=dict)),
+                ('mfa_enabled', models.BooleanField(default=False)),
+                ('mfa_secret', models.CharField(blank=True, max_length=32)),
+                ('last_login_ip', models.GenericIPAddressField(blank=True, null=True)),
+                ('failed_login_attempts', models.IntegerField(default=0)),
+                ('account_locked_until', models.DateTimeField(blank=True, null=True)),
+                ('sso_provider', models.CharField(blank=True, max_length=50, null=True)),
+                ('sso_identifier', models.CharField(blank=True, max_length=255, null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+                ('clearance_level', models.ForeignKey(blank=True, help_text="User's security clearance level", null=True, on_delete=django.db.models.deletion.SET_NULL, to='security.dataclassification')),
+                ('roles', models.ManyToManyField(blank=True, to='security.role')),
+            ],
+            options={
+                'ordering': ['username'],
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AuditLog',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('timestamp', models.DateTimeField(auto_now_add=True, db_index=True)),
+                ('action_type', models.CharField(choices=[('LOGIN', 'User Login'), ('LOGOUT', 'User Logout'), ('LOGIN_FAILED', 'Failed Login Attempt'), ('PASSWORD_CHANGE', 'Password Changed'), ('MFA_ENABLED', 'MFA Enabled'), ('MFA_DISABLED', 'MFA Disabled'), ('ROLE_ASSIGNED', 'Role Assigned'), ('ROLE_REMOVED', 'Role Removed'), ('DATA_ACCESS', 'Data Accessed'), ('DATA_MODIFIED', 'Data Modified'), ('DATA_DELETED', 'Data Deleted'), ('ACCOUNT_LOCKED', 'Account Locked'), ('ACCOUNT_UNLOCKED', 'Account Unlocked'), ('SSO_LOGIN', 'SSO Login')], max_length=50)),
+                ('resource_type', models.CharField(blank=True, max_length=100)),
+                ('resource_id', models.CharField(blank=True, max_length=255)),
+                ('ip_address', models.GenericIPAddressField(blank=True, null=True)),
+                ('user_agent', models.TextField(blank=True)),
+                ('details', models.JSONField(default=dict)),
+                ('severity', models.CharField(choices=[('LOW', 'Low'), ('MEDIUM', 'Medium'), ('HIGH', 'High'), ('CRITICAL', 'Critical')], default='LOW', max_length=20)),
+                ('hash_value', models.CharField(help_text='SHA-256 hash for integrity verification', max_length=64, unique=True)),
+                ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-timestamp'],
+                'indexes': [models.Index(fields=['timestamp', 'action_type'], name='security_au_timesta_0a6bfb_idx'), models.Index(fields=['user', 'timestamp'], name='security_au_user_id_88bbbb_idx'), models.Index(fields=['severity', 'timestamp'], name='security_au_severit_eb201b_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='MFADevice',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('device_type', models.CharField(choices=[('TOTP', 'Time-based One-Time Password'), ('HOTP', 'HMAC-based One-Time Password'), ('SMS', 'SMS'), ('EMAIL', 'Email'), ('HARDWARE', 'Hardware Token')], max_length=20)),
+                ('name', models.CharField(help_text='User-friendly name for the device', max_length=100)),
+                ('secret_key', models.CharField(help_text='Encrypted secret key', max_length=255)),
+                ('is_active', models.BooleanField(default=True)),
+                ('is_primary', models.BooleanField(default=False)),
+                ('last_used', models.DateTimeField(blank=True, null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='mfa_devices', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-is_primary', 'name'],
+                'unique_together': {('user', 'name')},
+            },
+        ),
+    ]

ETB-API/security/migrations/0002_user_emergency_contact_user_oncall_preferences_and_more.py

@@ -0,0 +1,28 @@
+# Generated by Django 5.2.6 on 2025-09-18 15:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('security', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='emergency_contact',
+            field=models.CharField(blank=True, help_text='Emergency contact information', max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='oncall_preferences',
+            field=models.JSONField(blank=True, default=dict, help_text='On-call notification preferences'),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='phone_number',
+            field=models.CharField(blank=True, help_text='Phone number for on-call notifications', max_length=20, null=True),
+        ),
+    ]

ETB-API/security/migrations/0003_adaptiveauthentication_and_more.py

@@ -0,0 +1,264 @@
+# Generated by Django 5.2.6 on 2025-09-18 17:49
+
+import django.core.validators
+import django.db.models.deletion
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('security', '0002_user_emergency_contact_user_oncall_preferences_and_more'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AdaptiveAuthentication',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=100, unique=True)),
+                ('description', models.TextField()),
+                ('low_risk_threshold', models.IntegerField(default=25, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('medium_risk_threshold', models.IntegerField(default=50, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('high_risk_threshold', models.IntegerField(default=75, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('low_risk_auth_methods', models.JSONField(default=list, help_text='Auth methods for low risk')),
+                ('medium_risk_auth_methods', models.JSONField(default=list, help_text='Auth methods for medium risk')),
+                ('high_risk_auth_methods', models.JSONField(default=list, help_text='Auth methods for high risk')),
+                ('critical_risk_auth_methods', models.JSONField(default=list, help_text='Auth methods for critical risk')),
+                ('device_trust_multiplier', models.FloatField(default=1.0, help_text='Multiplier for device trust')),
+                ('location_trust_multiplier', models.FloatField(default=1.0, help_text='Multiplier for location trust')),
+                ('time_trust_multiplier', models.FloatField(default=1.0, help_text='Multiplier for time trust')),
+                ('enable_behavioral_analysis', models.BooleanField(default=True)),
+                ('behavior_learning_period', models.IntegerField(default=30, help_text='Days to learn user behavior')),
+                ('anomaly_threshold', models.FloatField(default=0.7, help_text='Threshold for behavioral anomalies')),
+                ('ml_enabled', models.BooleanField(default=False)),
+                ('ml_model_path', models.CharField(blank=True, help_text='Path to ML model file', max_length=500)),
+                ('ml_confidence_threshold', models.FloatField(default=0.8, help_text='ML confidence threshold')),
+                ('fallback_auth_methods', models.JSONField(default=list, help_text='Fallback auth methods')),
+                ('max_auth_attempts', models.IntegerField(default=3)),
+                ('lockout_duration', models.IntegerField(default=15, help_text='Lockout duration in minutes')),
+                ('is_active', models.BooleanField(default=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='adaptive_auth_enabled',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='auth_factors_required',
+            field=models.JSONField(default=list, help_text='Required authentication factors'),
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='max_risk_score',
+            field=models.IntegerField(default=100, help_text='Maximum allowed risk score', validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)]),
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='min_device_trust_level',
+            field=models.CharField(choices=[('HIGH', 'High Trust'), ('MEDIUM', 'Medium Trust'), ('LOW', 'Low Trust')], default='LOW', max_length=20),
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='requires_compliant_device',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='requires_device_trust',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='requires_geolocation_check',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='time_restrictions',
+            field=models.JSONField(default=dict, help_text='Time-based access restrictions'),
+        ),
+        migrations.AlterField(
+            model_name='accesspolicy',
+            name='policy_type',
+            field=models.CharField(choices=[('ALLOW', 'Allow'), ('DENY', 'Deny'), ('REQUIRE_MFA', 'Require Additional MFA'), ('STEP_UP_AUTH', 'Step-up Authentication'), ('RISK_BASED', 'Risk-based Decision')], max_length=20),
+        ),
+        migrations.CreateModel(
+            name='GeolocationRule',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=100, unique=True)),
+                ('description', models.TextField()),
+                ('rule_type', models.CharField(choices=[('ALLOW', 'Allow'), ('DENY', 'Deny'), ('REQUIRE_MFA', 'Require Additional MFA'), ('RESTRICT', 'Restrict Access')], max_length=20)),
+                ('allowed_countries', models.JSONField(default=list, help_text='List of allowed country codes')),
+                ('blocked_countries', models.JSONField(default=list, help_text='List of blocked country codes')),
+                ('allowed_regions', models.JSONField(default=list, help_text='List of allowed regions/states')),
+                ('blocked_regions', models.JSONField(default=list, help_text='List of blocked regions/states')),
+                ('allowed_cities', models.JSONField(default=list, help_text='List of allowed cities')),
+                ('blocked_cities', models.JSONField(default=list, help_text='List of blocked cities')),
+                ('allowed_ip_ranges', models.JSONField(default=list, help_text='List of allowed IP ranges (CIDR)')),
+                ('blocked_ip_ranges', models.JSONField(default=list, help_text='List of blocked IP ranges (CIDR)')),
+                ('allowed_time_zones', models.JSONField(default=list, help_text='List of allowed time zones')),
+                ('working_hours_only', models.BooleanField(default=False)),
+                ('working_hours_start', models.TimeField(blank=True, null=True)),
+                ('working_hours_end', models.TimeField(blank=True, null=True)),
+                ('working_days', models.JSONField(default=list, help_text='List of working days (0-6, Monday=0)')),
+                ('max_distance_from_office', models.FloatField(blank=True, help_text='Max distance from office in km', null=True)),
+                ('office_latitude', models.FloatField(blank=True, null=True)),
+                ('office_longitude', models.FloatField(blank=True, null=True)),
+                ('notification_message', models.TextField(blank=True, help_text='Message to show when rule triggers')),
+                ('log_violation', models.BooleanField(default=True)),
+                ('require_manager_approval', models.BooleanField(default=False)),
+                ('is_active', models.BooleanField(default=True)),
+                ('priority', models.IntegerField(default=100, help_text='Lower numbers have higher priority')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('created_by', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['priority', 'name'],
+            },
+        ),
+        migrations.AddField(
+            model_name='accesspolicy',
+            name='geolocation_rule',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='security.geolocationrule'),
+        ),
+        migrations.CreateModel(
+            name='RiskAssessment',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('assessment_type', models.CharField(default='LOGIN', help_text='Type of assessment (LOGIN, ACCESS, TRANSACTION)', max_length=50)),
+                ('resource_type', models.CharField(blank=True, help_text='Type of resource being accessed', max_length=100)),
+                ('resource_id', models.CharField(blank=True, help_text='ID of resource being accessed', max_length=255)),
+                ('device_risk_score', models.IntegerField(default=0, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('location_risk_score', models.IntegerField(default=0, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('behavior_risk_score', models.IntegerField(default=0, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('network_risk_score', models.IntegerField(default=0, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('time_risk_score', models.IntegerField(default=0, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('user_risk_score', models.IntegerField(default=0, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('overall_risk_score', models.IntegerField(default=0, validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('risk_level', models.CharField(choices=[('LOW', 'Low Risk'), ('MEDIUM', 'Medium Risk'), ('HIGH', 'High Risk'), ('CRITICAL', 'Critical Risk')], default='LOW', max_length=20)),
+                ('ip_address', models.GenericIPAddressField(blank=True, null=True)),
+                ('user_agent', models.TextField(blank=True)),
+                ('location_data', models.JSONField(default=dict, help_text='Geolocation and network data')),
+                ('device_data', models.JSONField(default=dict, help_text='Device information')),
+                ('behavior_data', models.JSONField(default=dict, help_text='User behavior patterns')),
+                ('risk_factors', models.JSONField(default=list, help_text='List of identified risk factors')),
+                ('mitigation_actions', models.JSONField(default=list, help_text='Recommended mitigation actions')),
+                ('assessment_details', models.JSONField(default=dict, help_text='Detailed assessment results')),
+                ('access_decision', models.CharField(choices=[('ALLOW', 'Allow Access'), ('DENY', 'Deny Access'), ('STEP_UP', 'Step-up Authentication'), ('REVIEW', 'Manual Review Required')], default='ALLOW', max_length=20)),
+                ('decision_reason', models.TextField(blank=True)),
+                ('assessed_at', models.DateTimeField(auto_now_add=True)),
+                ('expires_at', models.DateTimeField(blank=True, null=True)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='risk_assessments', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-assessed_at'],
+            },
+        ),
+        migrations.CreateModel(
+            name='UserBehaviorProfile',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('typical_login_times', models.JSONField(default=list, help_text='Typical login times')),
+                ('typical_login_locations', models.JSONField(default=list, help_text='Typical login locations')),
+                ('typical_login_devices', models.JSONField(default=list, help_text='Typical login devices')),
+                ('typical_access_times', models.JSONField(default=list, help_text='Typical resource access times')),
+                ('typical_access_patterns', models.JSONField(default=list, help_text='Typical access patterns')),
+                ('typical_session_duration', models.FloatField(default=0.0, help_text='Typical session duration in hours')),
+                ('typical_ip_ranges', models.JSONField(default=list, help_text='Typical IP address ranges')),
+                ('typical_user_agents', models.JSONField(default=list, help_text='Typical user agents')),
+                ('login_frequency', models.FloatField(default=0.0, help_text='Average logins per day')),
+                ('access_frequency', models.FloatField(default=0.0, help_text='Average resource accesses per day')),
+                ('anomaly_score', models.FloatField(default=0.0, help_text='Current anomaly score')),
+                ('is_learning', models.BooleanField(default=True)),
+                ('learning_start_date', models.DateTimeField(auto_now_add=True)),
+                ('learning_complete_date', models.DateTimeField(blank=True, null=True)),
+                ('sample_count', models.IntegerField(default=0, help_text='Number of samples used for learning')),
+                ('last_updated', models.DateTimeField(auto_now=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='behavior_profile', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-last_updated'],
+            },
+        ),
+        migrations.CreateModel(
+            name='DevicePosture',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('device_id', models.CharField(help_text='Unique device identifier', max_length=255, unique=True)),
+                ('device_name', models.CharField(blank=True, max_length=200)),
+                ('device_type', models.CharField(choices=[('DESKTOP', 'Desktop Computer'), ('LAPTOP', 'Laptop Computer'), ('MOBILE', 'Mobile Device'), ('TABLET', 'Tablet'), ('SERVER', 'Server'), ('IOT', 'IoT Device'), ('UNKNOWN', 'Unknown Device')], default='UNKNOWN', max_length=20)),
+                ('os_type', models.CharField(choices=[('WINDOWS', 'Windows'), ('MACOS', 'macOS'), ('LINUX', 'Linux'), ('ANDROID', 'Android'), ('IOS', 'iOS'), ('UNKNOWN', 'Unknown OS')], default='UNKNOWN', max_length=20)),
+                ('os_version', models.CharField(blank=True, max_length=100)),
+                ('browser_info', models.CharField(blank=True, max_length=200)),
+                ('is_managed', models.BooleanField(default=False, help_text='Is device managed by organization')),
+                ('has_antivirus', models.BooleanField(default=False)),
+                ('antivirus_status', models.CharField(blank=True, max_length=50)),
+                ('firewall_enabled', models.BooleanField(default=False)),
+                ('encryption_enabled', models.BooleanField(default=False)),
+                ('screen_lock_enabled', models.BooleanField(default=False)),
+                ('biometric_auth', models.BooleanField(default=False)),
+                ('ip_address', models.GenericIPAddressField(blank=True, null=True)),
+                ('mac_address', models.CharField(blank=True, max_length=17)),
+                ('network_type', models.CharField(blank=True, help_text='Corporate, Public, Home, etc.', max_length=50)),
+                ('vpn_connected', models.BooleanField(default=False)),
+                ('risk_score', models.IntegerField(default=0, help_text='Device risk score (0-100, higher = more risky)', validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(100)])),
+                ('last_assessment', models.DateTimeField(auto_now=True)),
+                ('assessment_details', models.JSONField(default=dict, help_text='Detailed assessment results')),
+                ('is_compliant', models.BooleanField(default=False)),
+                ('compliance_issues', models.JSONField(default=list, help_text='List of compliance issues')),
+                ('is_active', models.BooleanField(default=True)),
+                ('is_trusted', models.BooleanField(default=False)),
+                ('trust_level', models.CharField(choices=[('HIGH', 'High Trust'), ('MEDIUM', 'Medium Trust'), ('LOW', 'Low Trust'), ('UNTRUSTED', 'Untrusted')], default='LOW', max_length=20)),
+                ('first_seen', models.DateTimeField(auto_now_add=True)),
+                ('last_seen', models.DateTimeField(auto_now=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='device_postures', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-last_seen'],
+                'indexes': [models.Index(fields=['user', 'is_active'], name='security_de_user_id_b40615_idx'), models.Index(fields=['device_id'], name='security_de_device__3e5496_idx'), models.Index(fields=['risk_score', 'trust_level'], name='security_de_risk_sc_248ac7_idx'), models.Index(fields=['is_compliant', 'is_trusted'], name='security_de_is_comp_4de70c_idx')],
+            },
+        ),
+        migrations.AddIndex(
+            model_name='geolocationrule',
+            index=models.Index(fields=['rule_type', 'is_active'], name='security_ge_rule_ty_2a030f_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='geolocationrule',
+            index=models.Index(fields=['priority'], name='security_ge_priorit_3ffb41_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='riskassessment',
+            index=models.Index(fields=['user', 'assessed_at'], name='security_ri_user_id_d9ab1c_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='riskassessment',
+            index=models.Index(fields=['overall_risk_score', 'risk_level'], name='security_ri_overall_4cd9c9_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='riskassessment',
+            index=models.Index(fields=['access_decision'], name='security_ri_access__e109fb_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='userbehaviorprofile',
+            index=models.Index(fields=['user', 'is_learning'], name='security_us_user_id_9b04d7_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='userbehaviorprofile',
+            index=models.Index(fields=['anomaly_score'], name='security_us_anomaly_2ca992_idx'),
+        ),
+    ]

ETB-API/security/migrations/0004_securityevent.py

@@ -0,0 +1,34 @@
+# Generated by Django 5.2.6 on 2025-09-18 20:06
+
+import django.db.models.deletion
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('security', '0003_adaptiveauthentication_and_more'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='SecurityEvent',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('event_type', models.CharField(choices=[('user_login', 'User Login'), ('user_logout', 'User Logout'), ('login_failure', 'Login Failure'), ('suspicious_request', 'Suspicious Request'), ('threat_detected', 'Threat Detected'), ('access_denied', 'Access Denied'), ('privilege_escalation', 'Privilege Escalation'), ('data_breach', 'Data Breach'), ('malware_detected', 'Malware Detected'), ('anomalous_behavior', 'Anomalous Behavior')], max_length=50)),
+                ('severity', models.CharField(choices=[('info', 'Info'), ('warning', 'Warning'), ('error', 'Error'), ('critical', 'Critical')], max_length=20)),
+                ('description', models.TextField()),
+                ('ip_address', models.GenericIPAddressField(blank=True, null=True)),
+                ('user_agent', models.TextField(blank=True)),
+                ('metadata', models.JSONField(blank=True, default=dict)),
+                ('timestamp', models.DateTimeField(auto_now_add=True)),
+                ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-timestamp'],
+                'indexes': [models.Index(fields=['event_type', 'timestamp'], name='security_se_event_t_1a00f0_idx'), models.Index(fields=['severity', 'timestamp'], name='security_se_severit_5c25b4_idx'), models.Index(fields=['user', 'timestamp'], name='security_se_user_id_6ceb62_idx')],
+            },
+        ),
+    ]