com.mozilla.secops.amo

Class AddonMultiIpLogin

java.lang.Object

org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>>

com.mozilla.secops.amo.AddonMultiIpLogin

All Implemented Interfaces:

DocumentingTransform, Serializable, org.apache.beam.sdk.transforms.display.HasDisplayData

public class AddonMultiIpLogin
extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>>
implements DocumentingTransform

Multiple account logins for the same account from different source addresses associated with different country codes

The analysis is based on sessions with a 15 minute gap duration.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
AddonMultiIpLogin(String monitoredResource, Integer suppressRecovery, Integer alertOn, Integer alertOnIp, String[] acctExceptions, String[] aggMatchers) Construct new AddonMultiIpLogin

Method Summary

Modifier and Type	Method and Description
org.apache.beam.sdk.values.PCollection<Alert>	expand(org.apache.beam.sdk.values.PCollection<Event> col)
String	getTransformDoc() Get documentation string from transform based on it's current configuration

Methods inherited from class org.apache.beam.sdk.transforms.PTransform

compose, compose, getAdditionalInputs, getDefaultOutputCoder, getName, getResourceHints, populateDisplayData, setResourceHints, toString, validate

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

AddonMultiIpLogin

public AddonMultiIpLogin(String monitoredResource,
                         Integer suppressRecovery,
                         Integer alertOn,
                         Integer alertOnIp,
                         String[] acctExceptions,
                         String[] aggMatchers)

Construct new AddonMultiIpLogin

Parameters:

monitoredResource - Monitored resource indicator

suppressRecovery - Optional recovery suppression to include with alerts in seconds

alertOn - The number of different countries that must be seen for an alert to fire

alertOnIp - If country count exceeded, IP count for the user must also exceed value

acctExceptions - Array containing regex for account exceptions

aggMatchers - Aggressive violation account matchers

Method Detail

getTransformDoc

public String getTransformDoc()

Get documentation string from transform based on it's current configuration

Specified by:

getTransformDoc in interface DocumentingTransform

Returns:

String

expand

public org.apache.beam.sdk.values.PCollection<Alert> expand(org.apache.beam.sdk.values.PCollection<Event> col)

Specified by:

expand in class org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>>