Intrusion Detection System Architecture integrates Windows Failed Login Events and Manual Capture Requests as dual input sources feeding a Trigger Detection layer. Upon detection, the system activates Webcam Capture via OpenCV to acquire real-time imagery, which flows through Image Storage Processing before persisting to a Security Snapshots Folder. Simultaneously, Trigger Detection logs events to a Security Logs Database, enabling Security Alerts and Notifications to UI for immediate incident response. This architecture demonstrates defense-in-depth by correlating authentication anomalies with visual evidence, reducing false positives and enabling forensic analysis. Fork this diagram on Diagrams.so to customize input sources, add additional sensors, or integrate with your SIEM platform. The modular design allows independent scaling of the Processing, Storage, and Output layers to match your organization's security posture and compliance requirements.