Looking to hire Laravel developers? Try LaraJobs

laravel-sdk maintained by soc-warden

Description
SOCWarden security observability SDK for Laravel — detect brute force, impossible travel, credential spray, and more from one API call.
Author
SOCWarden
Last update
2026/05/12 08:22 (dev-main)
License
MIT
Links
Homepage - GitHub - Packagist
Downloads
0
Tags
security - laravel - siem - observability - threat-detection - socwarden

dev-main

Last update
2026/05/12 08:22
License
MIT
Require
  • php ^8.2
  • illuminate/support ^11.0|^12.0
  • illuminate/http ^11.0|^12.0
  • guzzlehttp/guzzle ^7.0
v1.0.0-alpha.3

Last update
2026/05/12 08:22
License
MIT
Require
  • php ^8.2
  • illuminate/support ^11.0|^12.0
  • illuminate/http ^11.0|^12.0
  • guzzlehttp/guzzle ^7.0
v1.0.0-alpha.2

Last update
2026/05/12 04:40
License
MIT
Require
  • php ^8.2
  • illuminate/support ^11.0|^12.0
  • illuminate/http ^11.0|^12.0
  • guzzlehttp/guzzle ^7.0
v0.0.1

Last update
2026/05/12 04:40
v1.0.0-alpha.1

Last update
2026/05/12 04:21
License
MIT
Require
  • php ^8.2
  • illuminate/support ^11.0|^12.0
  • illuminate/http ^11.0|^12.0
  • guzzlehttp/guzzle ^7.0
Comments
comments powered by Disqus

SOCWarden Laravel SDK

Security observability SDK for Laravel applications. Sends security events to the SOCWarden ingestor.

Installation

composer require soc-warden/laravel-sdk

Configuration

Publish the config file:

php artisan vendor:publish --tag=socwarden-config

Add to your .env:

SOCWARDEN_API_KEY=sk_live_your_key_here

Usage

Track events manually

use SOCWarden\Facades\SOCWarden;

SOCWarden::track('auth.login.success', [
    'actor_id' => $user->id,
    'actor_email' => $user->email,
]);

Middleware

Register the middleware to automatically capture request context:

// bootstrap/app.php (Laravel 11+)
->withMiddleware(function (Middleware $middleware) {
    $middleware->append(\SOCWarden\Middleware\CaptureContext::class);
})

Automatic Auth Events

By default, the SDK listens to Laravel auth events (Login, Failed, Logout, Registered, PasswordReset) and tracks them automatically. Disable with:

SOCWARDEN_LISTEN_AUTH=false

Environment Variables

Variable Default Description
SOCWARDEN_API_KEY Your SOCWarden API key
SOCWARDEN_ENDPOINT https://ingestor.socwarden.com Ingestor endpoint
SOCWARDEN_AUTO_CONTEXT true Auto-collect request context
SOCWARDEN_QUEUE true Dispatch events via queue
SOCWARDEN_QUEUE_CONNECTION null Queue connection name
SOCWARDEN_QUEUE_NAME default Queue name
SOCWARDEN_BROWSER_HEADER X-SOCWarden-Context Browser context relay header
SOCWARDEN_LISTEN_AUTH true Auto-track auth events
SOCWARDEN_TIMEOUT 5 HTTP timeout in seconds