This gives you structured audit logging with compliance in mind. It covers the essentials like Winston for Node.js with Elasticsearch transport, retention policies, and proper formatting with timestamps and request IDs. The best practices section is solid on the obvious stuff like never logging passwords and always logging failed attempts. If you're dealing with SOC 2, HIPAA, or PCI-DSS requirements, this gets you most of the way there. The reference guides show implementations across Node.js, Python, and Java, which is helpful if you're working in a polyglot environment. The main value is having the SIEM integration patterns ready to go rather than figuring out the transport configuration yourself.
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill security-audit-logging