Raxol.Audit.Analyzer (Raxol v2.0.1)


Analyzes audit events in real time to detect security threats, anomalies, and compliance violations.

This module implements various detection algorithms including:

  • Brute force attack detection
  • Privilege escalation attempts
  • Data exfiltration patterns
  • Unusual access patterns
  • Compliance violations

Summary

Functions

analyze_batch(analyzer \\ __MODULE__, events)

Analyzes a batch of events for correlations.

analyze_event(analyzer \\ __MODULE__, event)

Analyzes an audit event for threats and anomalies.

child_spec(init_arg)

Returns a specification to start this module under a supervisor.

get_threat_assessment(analyzer \\ __MODULE__)

Gets current threat level assessment.

Types

detection_rule()

@type detection_rule() :: %{
  name: String.t(),
  type: :threshold | :pattern | :anomaly | :correlation,
  condition: function(),
  severity: :low | :medium | :high | :critical,
  action: :alert | :block | :investigate
}
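The following is an added example, not code from Raxol itself, showing how a detection_rule() map matching the type above can express the brute force detection listed earlier and be applied to a batch of events. The evaluator, the event shape (:type, :user, :timestamp), the window and threshold values, and the sample events are all assumptions made here for illustration; Raxol.Audit.Analyzer's own rule evaluation is not shown on this page.

```elixir
# Added example (not part of Raxol). Builds a rule that conforms to the
# detection_rule() type and evaluates it over constructed audit events with a
# small hypothetical evaluator. Event shape and thresholds are assumptions.
defmodule BruteForceRuleExample do
  # Assumed policy: more than @max_failures failed logins by one user inside
  # a @window_seconds sliding window is treated as a brute force attempt.
  @window_seconds 300
  @max_failures 5

  # A :threshold rule in the shape of detection_rule(). The condition receives
  # all events for a single user and returns a boolean.
  def brute_force_rule do
    %{
      name: "brute_force_login",
      type: :threshold,
      condition: &exceeds_failure_threshold?/1,
      severity: :high,
      action: :alert
    }
  end

  # Apply a rule to a batch of events, grouping by user so that one noisy user
  # cannot mask or inflate another. Returns {user, rule_name, severity, action}
  # findings for every user whose events satisfy the rule's condition.
  def evaluate(rule, events) do
    events
    |> Enum.group_by(& &1.user)
    |> Enum.flat_map(fn {user, user_events} ->
      if rule.condition.(user_events) do
        [{user, rule.name, rule.severity, rule.action}]
      else
        []
      end
    end)
  end

  # Condition: keep only failed logins, sort their timestamps, then slide a
  # window of @max_failures + 1 timestamps across them. If any such run fits
  # inside @window_seconds, the threshold has been exceeded.
  def exceeds_failure_threshold?(events) do
    events
    |> Enum.filter(&(&1.type == :login_failed))
    |> Enum.map(& &1.timestamp)
    |> Enum.sort()
    |> Enum.chunk_every(@max_failures + 1, 1, :discard)
    |> Enum.any?(fn run -> List.last(run) - List.first(run) <= @window_seconds end)
  end

  # Constructed sample events (Unix timestamps in seconds), not real audit data.
  # "alice": one success, then six failures within 50 seconds -> flagged.
  # "bob": two failures ten minutes apart -> not flagged.
  def sample_events do
    base = 1_700_000_000

    [
      %{type: :login_success, user: "alice", timestamp: base - 3600},
      %{type: :login_failed, user: "alice", timestamp: base},
      %{type: :login_failed, user: "alice", timestamp: base + 10},
      %{type: :login_failed, user: "alice", timestamp: base + 20},
      %{type: :login_failed, user: "alice", timestamp: base + 30},
      %{type: :login_failed, user: "alice", timestamp: base + 40},
      %{type: :login_failed, user: "alice", timestamp: base + 50},
      %{type: :login_failed, user: "bob", timestamp: base},
      %{type: :login_failed, user: "bob", timestamp: base + 600}
    ]
  end
end

# Usage: evaluate the rule over the constructed batch.
BruteForceRuleExample.evaluate(
  BruteForceRuleExample.brute_force_rule(),
  BruteForceRuleExample.sample_events()
)
# => [{"alice", "brute_force_login", :high, :alert}]
```

Grouping by user before applying the condition is what keeps the threshold meaningful: a raw count over the whole batch would fire on ordinary background failures from many users, and the sliding window (rather than a fixed bucket) avoids missing a burst that straddles a bucket boundary. The :action field is left for the caller to interpret; this example only reports the finding.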

Functions

analyze_batch(analyzer \\ __MODULE__, events)

Analyzes a batch of events for correlations.

analyze_event(analyzer \\ __MODULE__, event)

Analyzes an audit event for threats and anomalies.

child_spec(init_arg)

Returns a specification to start this module under a supervisor.

See Supervisor.

get_compliance_status(analyzer \\ __MODULE__)

Gets compliance status.

get_threat_assessment(analyzer \\ __MODULE__)

Gets current threat level assessment.

handle_manager_cast(msg, state)

Callback implementation for Raxol.Core.Behaviours.BaseManager.handle_manager_cast/2.

start_link(init_opts \\ [])