Hi Tishan,

A couple of questions:

1. How would you "define" the regions?
2. Wouldn't a user use an app across regions? (basically requests coming from different regions)

Thanks,
Sachith

On Thu, Feb 18, 2016 at 12:55 PM, Tishan Dahanayakage <[email protected]> wrote:

> Hi Sachith,
>
> On Thu, Feb 18, 2016 at 12:17 PM, Sachith Withana <[email protected]>
> wrote:
>
>> Hi all,
>>
>> I'm working on Request source IP change alerting for APIM analytics - If
>> the source IP is different from the usual IP range of an access token
>> bearer, we should send an alert out. This possibly means that the access
>> token is in the hands of someone else.
>>
>> There will be a couple of triggers that would generate the alerts for
>> unusual request IP changes (where the IP would lie outside the user's
>> 'usual' IP range)
>>
>> 1. Time difference between the last access time and the current
>>    access time
>>    This means if a certain IP has not been used for an x amount of time
>>    (x is configurable) and gets a request from that IP, an alert would
>>    be generated. (much like Gmail requesting you to login when you
>>    access it from a different continent)
>>
>> 2. The request count for the IP is low
>>    (ex: a couple of accesses for a whole month) and gets a request from
>>    that IP, an alert would be generated (again the count is configurable)
>>
>
> Both of the above criteria are more like abnormal request patterns. Not
> unusual IP changes AFAIU. Isn't it? Shall we have some rules such as IP
> changes between different regions within a short time period?
>
> Thanks
> Tishan
>
>> This would be implemented maintaining an event table for each consumerID
>> with IPs accessed along with the count for that specific consumerID,IP pair
>> and the last accessed time for that pair and comparing the incoming
>> requests against it.
>>
>> WDYT?
>>
>> Thanks,
>> Sachith
>> --
>> Sachith Withana
>> Software Engineer; WSO2 Inc.; http://wso2.com
>> E-mail: sachith AT wso2.com
>> M: +94715518127
>> Linked-In: https://lk.linkedin.com/in/sachithwithana
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> Tishan Dahanayakage
> Software Engineer
> WSO2, Inc.
> Mobile:+94 716481328
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, re-transmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
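
The event-table check proposed in the quoted message (per consumerID, each IP with its request count and last accessed time, compared against every incoming request), as an added example that is not part of the original thread and is not WSO2 code. The class and function names, the 30-day and 5-request thresholds, the rule that alerts start only once some IP has reached the count threshold, and the replayed requests (documentation-range addresses) are all assumptions made for illustration; the region-based rule raised in the reply is not covered.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class IpStats:
    count: int           # requests seen for this (consumerID, IP) pair
    last_seen: datetime  # last accessed time for the pair

class SourceIpAlerter:
    """Event table keyed by consumerID then IP, checked on every request."""

    def __init__(self, max_idle=timedelta(days=30), min_count=5):
        self.max_idle = max_idle    # the configurable "x amount of time"
        self.min_count = min_count  # the configurable low-count threshold
        self.table = {}             # consumer_id -> {ip: IpStats}

    def observe(self, consumer_id, ip, ts):
        """Return alert reasons for this request, then record it in the table."""
        ips = self.table.setdefault(consumer_id, {})
        stats = ips.get(ip)
        reasons = []
        # Assumption: alert only once some IP has reached min_count, so a new
        # consumer's first requests do not all alert.
        if any(s.count >= self.min_count for s in ips.values()):
            if stats is None or stats.count < self.min_count:
                reasons.append("low_request_count")   # trigger 2 in the thread
            if stats is not None and ts - stats.last_seen > self.max_idle:
                reasons.append("ip_idle_too_long")    # trigger 1 in the thread
        if stats is None:
            ips[ip] = IpStats(1, ts)
        else:
            stats.count += 1
            stats.last_seen = ts
        return reasons

def run_demo():
    """Replay constructed requests; return (ip, reasons) for each alert raised."""
    t0 = datetime(2016, 2, 1)
    usual, rare, new = "203.0.113.10", "198.51.100.7", "192.0.2.99"
    events = [(usual, d) for d in range(6)]  # days 0-5 build the baseline
    events += [(rare, 6), (new, 50), (rare, 51), (usual, 52)]
    alerter = SourceIpAlerter()
    alerts = []
    for ip, day in events:
        reasons = alerter.observe("consumer-A", ip, t0 + timedelta(days=day))
        if reasons:
            alerts.append((ip, reasons))
    return alerts
```

In the replay, the last request comes from the consumer's own usual IP after 47 idle days and still alerts, which is the behaviour the first trigger describes.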
