Hello,
I've just discovered SEC and it seems to be the perfect fit for what we are
trying to do .
Basically , we are running a voip peering service but have to face fraud on a
daily basis. We tried to imagine all sort of ways to detect/stop fraudsters
(ie: account age vs total active calls, account age vs purchase frequency,
etc.. ) . SEC comes handy as adding rules should be a lot easier . However, we
can only find active calls by connecting to a unix socket - this is an output
sample :
{'I_ENVIRONMENT': 1, 'B2BUA_TAG': '2', 'CLI': '0203xxx3749', 'I_CONNECTION': 5,
'CLD': '448000xxx202', 'CALL_ID': 'a3f44b31-199ab9ca@192.168.0.2', 'DELAY': 2,
'DURATION': 12, 'CC_STATE': 'Connected', 'I_ACCOUNT': 15, 'ID': '968526',
'I_CUSTOMER': 1}
How could we continuously listen to unix sockets with SEC as calls come in and
achieve the following :
a) alert (or run script) if the call limit per caller (I_ACCOUNT) and per
period have been exceeded and CC_STATE:Connected
>
>b) alert and run script if same destination number (CLD) with same CLI is
>called more than once -- a "normal" user doesn't call the same number more
>than once
>
>
Also what's the best way to define the following rule (input from a Postgres
DB):
>>
Period : 15MIN
>Alert Conditions :
Applies to : I_ACCOUNT
>Alert me when : DURATION -- % INCREASE >= 20 -- COMPARED TO : PREVIOUS 15MIN
>>
>Email : XXX (or run script)
>>
>>
We have many more rule combinations, but this will be a great start already..
Thank you
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
