search

highlight / highlight

highlight.io: The open source, full-stack monitoring platform. Error monitoring, session replay, logging, distributed tracing, and more.
https://app.highlight.io
Other
7.22k stars 328 forks source link

suspicious session alerts #8693

Open Vadman97 opened 1 month ago

Vadman97 commented 1 month ago

event anomaly detection

linear[bot] commented 1 month ago

HIG-4711 suspicious session alerts

greptile-apps[bot] commented 1 month ago

To address suspicious session alerts and implement event anomaly detection, follow these steps:

  1. Define Anomaly Detection Logic: Implement the logic to detect anomalies in session events. This can be done in the backend where session events are processed.

  2. Modify Session Alert Payload: Update the SessionAlertPayload struct in /backend/alerts/integrations/integrations.go to include fields for anomaly detection results.

  3. Update Session Alert Sending: Modify the SendNewSessionAlert function in /backend/alerts/alerts.go to handle the new anomaly detection fields and include them in the alert payload.

  4. Frontend Changes: Update the SessionAlertPage component in /frontend/src/pages/Alerts/SessionAlert/SessionAlertPage.tsx to display the anomaly detection results in the session alert form.

Example Code Changes:

Backend - integrations.go:

// Add new fields to SessionAlertPayload
 type SessionAlertPayload struct {
     SessionURL     string
     UserIdentifier string
     UserProperties map[string]string
     AvatarURL      *string
     VisitedURL     *string
     AnomalyScore   float64 // New field for anomaly score
     AnomalyType    string  // New field for anomaly type
 }

Backend - alerts.go:

// Update SendNewSessionAlert to include anomaly detection fields
func SendNewSessionAlert(event SendNewSessionAlertEvent) error {
    payload := integrations.SessionAlertPayload{
        SessionURL:     event.SessionURL,
        UserIdentifier: event.UserIdentifier,
        UserProperties: event.UserProperties,
        AvatarURL:      event.AvatarURL,
        VisitedURL:     event.VisitedURL,
        AnomalyScore:   event.AnomalyScore, // Include anomaly score
        AnomalyType:    event.AnomalyType,  // Include anomaly type
    }
    // Existing code to send the alert
}

Frontend - SessionAlertPage.tsx:

// Update form to display anomaly detection results
const SessionAlertForm: React.FC<SessionAlertFormProps> = ({ type, configuration }) => {
    return (
        <form>
            {/* Existing form fields */}
            <div>
                <label>Anomaly Score:</label>
                <input type="number" value={configuration.anomalyScore} readOnly />
            </div>
            <div>
                <label>Anomaly Type:</label>
                <input type="text" value={configuration.anomalyType} readOnly />
            </div>
        </form>
    );
};

These changes will help in detecting and alerting on suspicious sessions based on event anomalies.

References

/backend/public-graph/graph/resolver.go /backend/alerts/integrations/microsoft-teams/messages_test.go /backend/alerts/integrations/microsoft-teams/message_templates.go /backend/alerts/integrations/integrations.go /backend/private-graph/graph/model/models_gen.go /backend/alerts/alerts.go /frontend/src/pages/Alerts/SessionAlert/SessionAlertPage.tsx

Ask Greptile