A regular old accumulate could do this. Doesn't even have to be custom: rule "many bogus attempts" when $login : Login( $baseName : name) $total : Number( intValue > 5 ) from accumulate( Login( this != login, eval(levenshtein(name, baseName) ), init( int total = 0; ), action( total++; ), reverse( total--; ), result( total ) ) then //ALARM! end
This basically says "accumulate all Logins where the name is within a levenshtein distance of a given Login and freak out if there's more than X." This rule isn't all fusiony, but you get the idea. Also, the eval in the accumulate could be a custom operator for readability. --- On Tue, 6/22/10, Earnest Dyke <[email protected]> wrote: From: Earnest Dyke <[email protected]> Subject: Re: [rules-users] Inter-fact comparison To: "Rules Users List" <[email protected]> Date: Tuesday, June 22, 2010, 2:57 PM Thanks for the quick reply. Yes, the original facts are already coming in via a stream (Fusion) to an existing set of rules so I was hoping to build on that. What I am trying to do is evaluate logins information as users are attempting to login trying to identify hack attempts by a person trying to login with a slightly different user name over a given period of time. Earnie! From: David Sinclair <[email protected]> To: Rules Users List <[email protected]> Sent: Tue, June 22, 2010 3:47:36 PM Subject: Re: [rules-users] Inter-fact comparison Hi Earnie, What you are explaining seems pretty straight forward and would more likely than not be overkill to use a rule engine. Are there other aspects of the system you are leaving out that warrant the use of Drools? dave 2010/6/22 Earnest Dyke <[email protected]> Greetings all, I have a requirement to compare a set of facts against each other, calculate a value that indicates the amount of difference (Levenshtein distance) between a single attribute on each fact. So I load all of my facts into working memory then what? Do I execute a rule first that creates a new set of facts which is a Cartesian product of the original set of facts, each new fact containing a reference to two original facts and the diff between them? Looked at using a custom accumulate function but I don't think that's going to do what I need since it is intended to go through a set of facts and return a single value. Any and all related help is appreciated. Earnie! _______________________________________________ rules-users mailing list [email protected] https://lists.jboss.org/mailman/listinfo/rules-users -----Inline Attachment Follows----- _______________________________________________ rules-users mailing list [email protected] https://lists.jboss.org/mailman/listinfo/rules-users
_______________________________________________ rules-users mailing list [email protected] https://lists.jboss.org/mailman/listinfo/rules-users
