How to write a script to detect anomalous login locations

0 votes

I am trying to improve security monitoring by detecting logins from unusual locations. My questions are:

  • How can I extract IP addresses from authentication logs (/var/log/auth.log, /var/log/secure)?
  • How can I use geolocation APIs (like ipinfo.io, MaxMind) to map IPs to locations?
  • How to define an "anomalous" login (e.g., new country, unusual time, failed attempts)?

A Python or Bash script that automates this detection and sends alerts would be useful.

Feb 26 in Cyber Security & Ethical Hacking by Anupam
• 12,620 points 43 views

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers

How can I write a Ruby script to automate the process of brute-forcing a login form?

Oct 11, 2024 in Cyber Security & Ethical Hacking by Anupam
• 12,620 points 416 views
+1 vote
1 answer

How can I write a Ruby script to automate the process of brute-forcing a login form?

In order to create a Ruby script ...READ MORE

answered Oct 23, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 22,940 points 243 views
0 votes
0 answers

How do I write a simple PERL script to scan for open ports on a target machine?

Oct 11, 2024 in Cyber Security & Ethical Hacking by Anupam
• 12,620 points 125 views
0 votes
0 answers

How do I write a simple PERL script to scan for open ports on a target machine?

I’m learning about network security and I ...READ MORE

Oct 17, 2024 in Cyber Security & Ethical Hacking by Anupam
• 12,620 points 261 views
0 votes
1 answer

How to write a Python script for XSS vulnerability detection?

Detecting Cross-Site Scripting (XSS) vulnerabilities is crucial ...READ MORE

answered Feb 19 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 22,940 points 66 views
0 votes
1 answer

How to write a script to check for insecure HTTP headers?

Ensuring the security of your web application ...READ MORE

answered Feb 21 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 22,940 points 60 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 22,940 points 449 views
+1 vote
1 answer

How does the LIMIT clause in SQL queries lead to injection attacks?

The LIMIT clause in SQL can indeed ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 22,940 points 421 views
+1 vote
1 answer

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

The use of string concatenation while building ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 22,940 points 275 views
+1 vote
1 answer

How can I use Python for web scraping to gather information during reconnaissance?

Python is considered to be an excellent ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 22,940 points 248 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.