Firstly I would like to start by reminding you that no client is obliged to respond to CTCP at all and for this reason CTCP replies cannot be relied upon to be sent. Secondly, clients have the full capability to falsify the contents of CTCP replies so they really should not be trusted for their values either.
Now on to your problem, A module could be written for what you want, but there is currently no core feature that provides this functionality.
There are many ways this could be achived:
1) your suggestion of parsing the security system's log channel
2) delay Denora's CTCP request
3) have neither Denora nor the security system CTCP the client, but have the IRCd do it instead and forward the reply to both
4) have the security system forward the CTCP to Denora
5) have Denora forward the CTCP to the security system
There are many many more but I can't think of them right now.