views: 33

answers: 0

Hi All,

I am trying to produce a real-time alert system. I am not sure how to quote this.

E.g. I have a network sniffer that would be listening to the packets. Let us say two packets come from the same machine stating that a wrong password was entered into an NT system. Then I want to raise an alert. Let us say a failed logon is followed by a correct login; then no alert should be raised.

Also, there will be similar policies for failed DB logons, failed Unix logons and the like.

Also, eventually all the packets have to reach a database. I can get these results by running a query on the DB too, but that would not be real time.

Someone suggested building a finite state machine? I have no idea.
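The finite state machine suggested above, as an added example that is not part of the original post: each (source host, service) pair carries a small state, the count of consecutive failed logons, which a success resets to zero and which raises an alert when it reaches the per-service threshold. This keeps the correlation in memory so the decision is made as each event arrives rather than by querying the database afterwards. The event tuples, host addresses, service names and thresholds are constructed for the example and are not from the original post.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample event stream (not captured traffic): each tuple is
# (source host, service, outcome) as a sniffer or log parser might emit it.
SAMPLE_EVENTS = [
    ("10.0.0.5", "nt", "fail"),
    ("10.0.0.5", "nt", "success"),   # fail then success: no alert
    ("10.0.0.7", "nt", "fail"),
    ("10.0.0.7", "nt", "fail"),      # two consecutive NT failures: alert
    ("10.0.0.7", "db", "fail"),
    ("10.0.0.9", "unix", "fail"),
    ("10.0.0.7", "db", "fail"),      # two consecutive DB failures: alert
    ("10.0.0.9", "unix", "success"),  # single Unix failure cleared, no alert
]

# Per-service policy (assumed values): consecutive failures that trigger an alert.
POLICIES = {"nt": 2, "db": 2, "unix": 3}


@dataclass
class LogonStateMachine:
    """Tracks consecutive failed logons per (host, service) and emits alerts.

    State per key is a single integer: the number of failures seen since the
    last success. A success transitions back to 0; a failure increments, and
    reaching the policy threshold raises an alert and resets the count.
    """
    policies: dict
    failures: dict = field(default_factory=lambda: defaultdict(int))
    alerts: list = field(default_factory=list)

    def feed(self, host, service, outcome):
        """Consume one event; return the alert text if one fires, else None."""
        key = (host, service)
        if outcome == "success":
            self.failures[key] = 0          # correct login clears the failure run
            return None
        if outcome != "fail":
            raise ValueError(f"unknown outcome {outcome!r}")
        self.failures[key] += 1
        threshold = self.policies.get(service)
        if threshold is not None and self.failures[key] >= threshold:
            alert = (f"{self.failures[key]} consecutive failed {service} "
                     f"logons from {host}")
            self.alerts.append(alert)
            self.failures[key] = 0          # alert once per burst, then re-arm
            return alert
        return None


def run(events, policies=POLICIES):
    """Feed a whole event list through the machine and return the alerts raised."""
    fsm = LogonStateMachine(policies)
    for host, service, outcome in events:
        fsm.feed(host, service, outcome)
    return fsm.alerts


if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print("ALERT:", line)
```

Keying the state on (host, service) is what lets one machine serve the NT, DB and Unix policies at once; adding a timestamp to the state and expiring stale entries would turn the "consecutive" rule into a "within N minutes" rule without changing the transitions.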