Security & SecOps JSON Examples

Security teams rely on structured JSON logs to detect threats, audit access, and meet compliance requirements.

Example 1: User Login Audit Log

{
  "eventType": "USER_LOGIN",
  "userId": "USR-1002",
  "ipAddress": "203.0.113.42",
  "status": "SUCCESS",
  "authMethod": "MFA",
  "device": "Chrome / Windows",
  "timestamp": "2026-01-11T08:40:00Z"
}

Example 2: IAM Permission Change

{
  "eventType": "IAM_POLICY_UPDATE",
  "actor": "admin_user",
  "targetRole": "payment-service-role",
  "action": "ATTACH_POLICY",
  "policyName": "AmazonS3ReadOnlyAccess",
  "region": "us-east-1",
  "timestamp": "2026-01-11T09:15:30Z"
}

Example 3: Intrusion Detection Alert

{
  "alertId": "ALRT-77821",
  "severity": "HIGH",
  "sourceIp": "45.33.22.18",
  "attackType": "Brute Force",
  "attempts": 32,
  "blocked": true,
  "detectedAt": "2026-01-11T10:05:00Z"
}

Example 4: API Abuse Detection

{
  "event": "RATE_LIMIT_EXCEEDED",
  "apiKey": "pk_live_9921",
  "endpoint": "/api/v1/payments",
  "requestsPerMinute": 420,
  "limit": 100,
  "actionTaken": "TEMP_BLOCK",
  "timestamp": "2026-01-11T10:20:00Z"
}

Example 5: Compliance Audit Record

{
  "auditId": "CMP-5512",
  "framework": "ISO27001",
  "control": "Access Management",
  "status": "PASS",
  "reviewedBy": "security-team",
  "reviewDate": "2026-01-10",
  "evidenceStored": true
}

Format & Explore JSON Instantly

Use these real-world JSON examples to test formatting, validation, and syntax highlighting with our online tool.

Analyze security JSON in Viewer →