You bought this module and need support?
Click here!
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 3553 |
| Technical Name |
audit_security_sentinel |
| License | OPL-1 |
| Website | https://neurodev.cl |
| Versions | 17.0 18.0 19.0 |
SECURITY SENTINEL · ODOO 17 / 18 / 19
The audit trail your own
administrators can’t rewrite.
administrators can’t rewrite.
Every create, write and delete is sealed into a chained HMAC-SHA256 ledger.
Tamper with a single record — edit it, delete it, reorder it — and the chain
breaks. Compliance officers are alerted automatically.
HMAC-SHA256 CHAIN / DATA MASKING / MULTI-COMPANY / LIVE OWL DASHBOARD
§ 01 · THE RISK
Why you need this
|
01
No native audit trail
Odoo’s built-in logging won’t tell you who changed what, when, and from which IP — let alone prove the log itself was never altered.
|
02
Invisible manipulation
A user with the right permissions can change a price, delete a record or edit financial data with no visible trace. By the time you notice, it is done.
|
03
Compliance demands
ISO 27001, SOX and GDPR require immutable, provable audit trails. Spreadsheets and ad-hoc reports are not enough to satisfy an auditor.
|
§ 02 · CAPABILITIES
What’s inside
|
Real-time OWL dashboard
Live KPIs, activity-by-hour charts, top models and users, and integrity status — in one fast OWL component, no page reloads.
|
Tamper-evident HMAC chain
Each entry is sealed with a chained HMAC-SHA256 over user, action, IP, company and data. Editing, deleting or reordering any record breaks the chain.
|
|
Sensitive-data masking
Passwords, tokens, API keys, IBAN and card numbers are stored as <redacted> at the source — never in clear text, not even in exports.
|
Automated integrity checks
A scheduled cron recomputes the full chain and instantly alerts Compliance Officers on any tampering, deletion or reordering.
|
|
Role-based detail access
Audit User sees metadata only; change details and detailed exports are restricted to the Compliance Officer. Separation of duties by default.
|
Compliance reports
Audit reports by date range with full change history. Export to PDF for auditors or Excel for analysis, from a one-click wizard.
|
§ 03 · INTERFACE
See it in action
FIG. 01 — REAL-TIME SECURITY DASHBOARD
FIG. 02 — IMMUTABLE AUDIT LOG · HMAC SEAL
|
FIG. 03 — AUDIT RULES
|
FIG. 04 — REPORT WIZARD
|
§ 04 · MECHANISM
How it works
| 01 |
Install & activate
Audit hooks are injected into Odoo’s core create, write and unlink via a safe, double-patch-guarded ORM extension that leaves the rest of Odoo untouched.
|
| 02 |
Define what matters
Pick the models — and optionally the exact fields — you want audited. Everything else is ignored, so the log stays signal, not noise.
|
| 03 |
Every change, sealed
From then on each change is recorded with user, IP, old/new values and a chained HMAC seal — read-only, immutable, and linked to the entry before it.
|
| 04 |
Monitor & prove
Watch the live dashboard, export compliance reports for auditors, and let the integrity cron verify the whole chain — alerting officers the moment anything breaks.
|
§ 05 · SPECIFICATION
Technical details
| ODOO VERSION | 17.0 · also published for 18.0 and 19.0 |
| MODULE VERSION | 17.0.2.1.5 |
| INTEGRITY | Chained HMAC-SHA256 with per-record previous-hash link · versioned (legacy SHA-256 still verifiable) |
| ORM HOOK | Safe patch on create / write / unlink, savepoint-isolated · double-patch guard · uninstall hook |
| PERFORMANCE | 5-minute rule cache · composite DB indexes · batch SQL · concurrency-safe chain append |
| REPORTS | PDF (QWeb) and Excel · formula-injection-safe export |
| LICENSE | OPL-1 (Odoo Proprietary) · English & Spanish included |
§ 06 · WHY THIS ONE
What sets it apart
|
Insider-proof by design
Even a database administrator can’t silently alter a record — any change breaks the cryptographic chain and surfaces on the next check.
|
Built for multi-company
Every event is tagged by company. Compliance Officers see the whole group consolidated; auditors are scoped to their own entities.
|
Audited & hardened
Reviewed line-by-line against a real client security audit — twenty findings closed in 2.1.5, from masking to chained integrity.
|
|
Built by NeuroDev
Security & audit tooling for Odoo. Questions about installation, multi-company setup or a feature request — we answer.
|
@ neurodev.odoo@gmail.com
★ github.com/neurodev-apps
◇ neurodev.cl
|
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 3553 |
| Technical Name |
audit_security_sentinel |
| License | OPL-1 |
| Website | https://neurodev.cl |
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module