Hey guys! excited to announce the release of usual_suspect, This gem introduces a suite of tools aimed at monitoring and responding to suspicious user activities, offering a higher level of security vigilance.
Key Features of UsualSuspect:
Suspicious Password Change Detection: Identifies and logs rapid password changes post-login, helping to flag potential unauthorized account access.
Geo-Velocity Tracking: Analyzes the feasibility of physical movement between consecutive logins based on geographical locations and timestamps, flagging implausible travel scenarios as potential security breaches.
VPN and Proxy Detection: Utilizes vpnapi.io services to detect logins from VPNs, tor, relays and proxies, enhancing the ability to identify masked IPs and potential location spoofing.
Session-Specific Event Logging: Each login session is tracked individually, ensuring a granular and context-aware approach to security event logging.