Open Vadman97 opened 1 month ago
To address suspicious session alerts and implement event anomaly detection, follow these steps:
1. Define Anomaly Detection Logic: Implement the logic to detect anomalies in session events. This can be done in the backend where session events are processed.
2. Modify Session Alert Payload: Update the SessionAlertPayload struct in /backend/alerts/integrations/integrations.go to include fields for anomaly detection results.
3. Update Session Alert Sending: Modify the SendNewSessionAlert function in /backend/alerts/alerts.go to handle the new anomaly detection fields and include them in the alert payload.
4. Frontend Changes: Update the SessionAlertPage component in /frontend/src/pages/Alerts/SessionAlert/SessionAlertPage.tsx to display the anomaly detection results in the session alert form.
Example Code Changes:
Backend - integrations.go:
    // Add new fields to SessionAlertPayload
    type SessionAlertPayload struct {
        SessionURL     string
        UserIdentifier string
        UserProperties map[string]string
        AvatarURL      *string
        VisitedURL     *string
        AnomalyScore   float64 // New field for anomaly score
        AnomalyType    string  // New field for anomaly type
    }
Backend - alerts.go:
    // Update SendNewSessionAlert to include anomaly detection fields
    func SendNewSessionAlert(event SendNewSessionAlertEvent) error {
        payload := integrations.SessionAlertPayload{
            SessionURL:     event.SessionURL,
            UserIdentifier: event.UserIdentifier,
            UserProperties: event.UserProperties,
            AvatarURL:      event.AvatarURL,
            VisitedURL:     event.VisitedURL,
            AnomalyScore:   event.AnomalyScore, // Include anomaly score
            AnomalyType:    event.AnomalyType,  // Include anomaly type
        }
        // Existing code to send the alert (consumes payload)
        _ = payload // placeholder so the snippet compiles without the existing send code
        return nil
    }
Frontend - SessionAlertPage.tsx:
    // Update form to display anomaly detection results
    const SessionAlertForm: React.FC<SessionAlertFormProps> = ({ type, configuration }) => {
        return (
            <form>
                {/* Existing form fields */}
                <div>
                    <label>Anomaly Score:</label>
                    <input type="number" value={configuration.anomalyScore} readOnly />
                </div>
                <div>
                    <label>Anomaly Type:</label>
                    <input type="text" value={configuration.anomalyType} readOnly />
                </div>
            </form>
        );
    };
These changes will help in detecting and alerting on suspicious sessions based on event anomalies.
/backend/public-graph/graph/resolver.go
/backend/alerts/integrations/microsoft-teams/messages_test.go
/backend/alerts/integrations/microsoft-teams/message_templates.go
/backend/alerts/integrations/integrations.go
/backend/private-graph/graph/model/models_gen.go
/backend/alerts/alerts.go
/frontend/src/pages/Alerts/SessionAlert/SessionAlertPage.tsx
event anomaly detection
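One way the anomaly detection logic from step 1 could produce the two proposed payload values, as an added example that is not part of the original issue or the project's code. The function name, the per-session baseline input, the z-score threshold, and the `event_rate_spike` / `none` labels are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// ScoreEventRate is an illustrative detector; labels and baseline input are assumptions.
func ScoreEventRate(times []time.Time, baseline []float64, threshold float64) (score float64, anomalyType string) {
	if len(times) == 0 || len(baseline) < 2 {
		return 0, "none" // not enough data to score
	}
	first, last := times[0], times[0]
	for _, t := range times { // events may arrive out of order
		if t.Before(first) {
			first = t
		}
		if t.After(last) {
			last = t
		}
	}
	// Events per minute; duration is floored at one minute so short sessions are not inflated.
	rate := float64(len(times)) / math.Max(last.Sub(first).Minutes(), 1)
	var sum, sq float64
	for _, r := range baseline {
		sum += r
	}
	mean := sum / float64(len(baseline))
	for _, r := range baseline {
		sq += (r - mean) * (r - mean)
	}
	std := math.Sqrt(sq / float64(len(baseline)-1)) // sample standard deviation
	if std < 1e-9 {
		return 0, "none" // flat baseline: z-score undefined
	}
	z := (rate - mean) / std
	if z >= threshold {
		return z, "event_rate_spike"
	}
	return z, "none"
}

func main() {
	times := make([]time.Time, 120) // constructed sample: one event per second
	for i := range times {
		times[i] = time.Unix(int64(i), 0)
	}
	fmt.Println(ScoreEventRate(times, []float64{10, 12, 11, 9, 13}, 3))
}
```

The two return values map directly onto the proposed `AnomalyScore` and `AnomalyType` fields.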