You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@metron.apache.org by tkg_cangkul <yu...@gmail.com> on 2019/05/16 02:58:56 UTC

[ask] detect unsual login duration

Hi,

Does metron support to do detection an unusual login duration?

For example.
IP A login for 3 days without logout. then metron will give some alert 
to us.

If this possible, how to do that?
Pls help.


Best Regards,

Tkg_cangkul

Re: [ask] detect unsual login duration

Posted by tkg_cangkul <yu...@gmail.com>.

Hi Simmon,

Thanks for your response,
Could you explain about *add some sort of state table and a triggered* ?
Is that the hbase table?
For your information, i don't want to wait for the logout from the user.

Best Regards,

Tkg_cangkul

On 16/05/19 15:59, Simon Elliston Ball wrote:
> You could pull that out in a report in zeppelin easily enough, but to 
> do it real-time we would need to add some sort of state table and a 
> triggered check of that state, unless you say wanted to alert only on 
> logout (I’m assuming you don’t want to wait for the logout, but alerts 
> after some fixed duration or better some anomalous duration?)
>
> Is that the sort of use case?
>
> Simon
>
> On Thu, 16 May 2019 at 03:59, tkg_cangkul <yuza.rasfar@gmail.com 
> <ma...@gmail.com>> wrote:
>
>     Hi,
>
>     Does metron support to do detection an unusual login duration?
>
>     For example.
>     IP A login for 3 days without logout. then metron will give some
>     alert
>     to us.
>
>     If this possible, how to do that?
>     Pls help.
>
>
>     Best Regards,
>
>     Tkg_cangkul
>
> -- 
> --
> simon elliston ball
> @sireb

Re: [ask] detect unsual login duration

Posted by Simon Elliston Ball <si...@simonellistonball.com>.

You could pull that out in a report in zeppelin easily enough, but to do it
real-time we would need to add some sort of state table and a triggered
check of that state, unless you say wanted to alert only on logout (I’m
assuming you don’t want to wait for the logout, but alerts after some fixed
duration or better some anomalous duration?)

Is that the sort of use case?

Simon

On Thu, 16 May 2019 at 03:59, tkg_cangkul <yu...@gmail.com> wrote:

> Hi,
>
> Does metron support to do detection an unusual login duration?
>
> For example.
> IP A login for 3 days without logout. then metron will give some alert
> to us.
>
> If this possible, how to do that?
> Pls help.
>
>
> Best Regards,
>
> Tkg_cangkul
>
> --
--
simon elliston ball
@sireb