├── .gitignore
├── README.md
├── prometheus-monitor.sln
└── prometheus-monitor
├── Alerts
└── AlertThresholds.cs
├── Service
├── IPrometheusMonitor.cs
└── PrometheusMonitor.cs
└── prometheus-monitor.csproj
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Oo]ut/
33 | [Ll]og/
34 | [Ll]ogs/
35 |
36 | # Visual Studio 2015/2017 cache/options directory
37 | .vs/
38 | # Uncomment if you have tasks that create the project's static files in wwwroot
39 | #wwwroot/
40 |
41 | # Visual Studio 2017 auto generated files
42 | Generated\ Files/
43 |
44 | # MSTest test Results
45 | [Tt]est[Rr]esult*/
46 | [Bb]uild[Ll]og.*
47 |
48 | # NUnit
49 | *.VisualState.xml
50 | TestResult.xml
51 | nunit-*.xml
52 |
53 | # Build Results of an ATL Project
54 | [Dd]ebugPS/
55 | [Rr]eleasePS/
56 | dlldata.c
57 |
58 | # Benchmark Results
59 | BenchmarkDotNet.Artifacts/
60 |
61 | # .NET Core
62 | project.lock.json
63 | project.fragment.lock.json
64 | artifacts/
65 |
66 | # ASP.NET Scaffolding
67 | ScaffoldingReadMe.txt
68 |
69 | # StyleCop
70 | StyleCopReport.xml
71 |
72 | # Files built by Visual Studio
73 | *_i.c
74 | *_p.c
75 | *_h.h
76 | *.ilk
77 | *.meta
78 | *.obj
79 | *.iobj
80 | *.pch
81 | *.pdb
82 | *.ipdb
83 | *.pgc
84 | *.pgd
85 | *.rsp
86 | *.sbr
87 | *.tlb
88 | *.tli
89 | *.tlh
90 | *.tmp
91 | *.tmp_proj
92 | *_wpftmp.csproj
93 | *.log
94 | *.vspscc
95 | *.vssscc
96 | .builds
97 | *.pidb
98 | *.svclog
99 | *.scc
100 |
101 | # Chutzpah Test files
102 | _Chutzpah*
103 |
104 | # Visual C++ cache files
105 | ipch/
106 | *.aps
107 | *.ncb
108 | *.opendb
109 | *.opensdf
110 | *.sdf
111 | *.cachefile
112 | *.VC.db
113 | *.VC.VC.opendb
114 |
115 | # Visual Studio profiler
116 | *.psess
117 | *.vsp
118 | *.vspx
119 | *.sap
120 |
121 | # Visual Studio Trace Files
122 | *.e2e
123 |
124 | # TFS 2012 Local Workspace
125 | $tf/
126 |
127 | # Guidance Automation Toolkit
128 | *.gpState
129 |
130 | # ReSharper is a .NET coding add-in
131 | _ReSharper*/
132 | *.[Rr]e[Ss]harper
133 | *.DotSettings.user
134 |
135 | # TeamCity is a build add-in
136 | _TeamCity*
137 |
138 | # DotCover is a Code Coverage Tool
139 | *.dotCover
140 |
141 | # AxoCover is a Code Coverage Tool
142 | .axoCover/*
143 | !.axoCover/settings.json
144 |
145 | # Coverlet is a free, cross platform Code Coverage Tool
146 | coverage*.json
147 | coverage*.xml
148 | coverage*.info
149 |
150 | # Visual Studio code coverage results
151 | *.coverage
152 | *.coveragexml
153 |
154 | # NCrunch
155 | _NCrunch_*
156 | .*crunch*.local.xml
157 | nCrunchTemp_*
158 |
159 | # MightyMoose
160 | *.mm.*
161 | AutoTest.Net/
162 |
163 | # Web workbench (sass)
164 | .sass-cache/
165 |
166 | # Installshield output folder
167 | [Ee]xpress/
168 |
169 | # DocProject is a documentation generator add-in
170 | DocProject/buildhelp/
171 | DocProject/Help/*.HxT
172 | DocProject/Help/*.HxC
173 | DocProject/Help/*.hhc
174 | DocProject/Help/*.hhk
175 | DocProject/Help/*.hhp
176 | DocProject/Help/Html2
177 | DocProject/Help/html
178 |
179 | # Click-Once directory
180 | publish/
181 |
182 | # Publish Web Output
183 | *.[Pp]ublish.xml
184 | *.azurePubxml
185 | # Note: Comment the next line if you want to checkin your web deploy settings,
186 | # but database connection strings (with potential passwords) will be unencrypted
187 | *.pubxml
188 | *.publishproj
189 |
190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
191 | # checkin your Azure Web App publish settings, but sensitive information contained
192 | # in these scripts will be unencrypted
193 | PublishScripts/
194 |
195 | # NuGet Packages
196 | *.nupkg
197 | # NuGet Symbol Packages
198 | *.snupkg
199 | # The packages folder can be ignored because of Package Restore
200 | **/[Pp]ackages/*
201 | # except build/, which is used as an MSBuild target.
202 | !**/[Pp]ackages/build/
203 | # Uncomment if necessary however generally it will be regenerated when needed
204 | #!**/[Pp]ackages/repositories.config
205 | # NuGet v3's project.json files produces more ignorable files
206 | *.nuget.props
207 | *.nuget.targets
208 |
209 | # Microsoft Azure Build Output
210 | csx/
211 | *.build.csdef
212 |
213 | # Microsoft Azure Emulator
214 | ecf/
215 | rcf/
216 |
217 | # Windows Store app package directories and files
218 | AppPackages/
219 | BundleArtifacts/
220 | Package.StoreAssociation.xml
221 | _pkginfo.txt
222 | *.appx
223 | *.appxbundle
224 | *.appxupload
225 |
226 | # Visual Studio cache files
227 | # files ending in .cache can be ignored
228 | *.[Cc]ache
229 | # but keep track of directories ending in .cache
230 | !?*.[Cc]ache/
231 |
232 | # Others
233 | ClientBin/
234 | ~$*
235 | *~
236 | *.dbmdl
237 | *.dbproj.schemaview
238 | *.jfm
239 | *.pfx
240 | *.publishsettings
241 | orleans.codegen.cs
242 |
243 | # Including strong name files can present a security risk
244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
245 | #*.snk
246 |
247 | # Since there are multiple workflows, uncomment next line to ignore bower_components
248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
249 | #bower_components/
250 |
251 | # RIA/Silverlight projects
252 | Generated_Code/
253 |
254 | # Backup & report files from converting an old project file
255 | # to a newer Visual Studio version. Backup files are not needed,
256 | # because we have git ;-)
257 | _UpgradeReport_Files/
258 | Backup*/
259 | UpgradeLog*.XML
260 | UpgradeLog*.htm
261 | ServiceFabricBackup/
262 | *.rptproj.bak
263 |
264 | # SQL Server files
265 | *.mdf
266 | *.ldf
267 | *.ndf
268 |
269 | # Business Intelligence projects
270 | *.rdl.data
271 | *.bim.layout
272 | *.bim_*.settings
273 | *.rptproj.rsuser
274 | *- [Bb]ackup.rdl
275 | *- [Bb]ackup ([0-9]).rdl
276 | *- [Bb]ackup ([0-9][0-9]).rdl
277 |
278 | # Microsoft Fakes
279 | FakesAssemblies/
280 |
281 | # GhostDoc plugin setting file
282 | *.GhostDoc.xml
283 |
284 | # Node.js Tools for Visual Studio
285 | .ntvs_analysis.dat
286 | node_modules/
287 |
288 | # Visual Studio 6 build log
289 | *.plg
290 |
291 | # Visual Studio 6 workspace options file
292 | *.opt
293 |
294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
295 | *.vbw
296 |
297 | # Visual Studio LightSwitch build output
298 | **/*.HTMLClient/GeneratedArtifacts
299 | **/*.DesktopClient/GeneratedArtifacts
300 | **/*.DesktopClient/ModelManifest.xml
301 | **/*.Server/GeneratedArtifacts
302 | **/*.Server/ModelManifest.xml
303 | _Pvt_Extensions
304 |
305 | # Paket dependency manager
306 | .paket/paket.exe
307 | paket-files/
308 |
309 | # FAKE - F# Make
310 | .fake/
311 |
312 | # CodeRush personal settings
313 | .cr/personal
314 |
315 | # Python Tools for Visual Studio (PTVS)
316 | __pycache__/
317 | *.pyc
318 |
319 | # Cake - Uncomment if you are using it
320 | # tools/**
321 | # !tools/packages.config
322 |
323 | # Tabs Studio
324 | *.tss
325 |
326 | # Telerik's JustMock configuration file
327 | *.jmconfig
328 |
329 | # BizTalk build output
330 | *.btp.cs
331 | *.btm.cs
332 | *.odx.cs
333 | *.xsd.cs
334 |
335 | # OpenCover UI analysis results
336 | OpenCover/
337 |
338 | # Azure Stream Analytics local run output
339 | ASALocalRun/
340 |
341 | # MSBuild Binary and Structured Log
342 | *.binlog
343 |
344 | # NVidia Nsight GPU debugger configuration file
345 | *.nvuser
346 |
347 | # MFractors (Xamarin productivity tool) working folder
348 | .mfractor/
349 |
350 | # Local History for Visual Studio
351 | .localhistory/
352 |
353 | # BeatPulse healthcheck temp database
354 | healthchecksdb
355 |
356 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
357 | MigrationBackup/
358 |
359 | # Ionide (cross platform F# VS Code tools) working folder
360 | .ionide/
361 |
362 | # Fody - auto-generated XML schema
363 | FodyWeavers.xsd
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus-Monitor
2 |
3 | **Prometheus-Monitor** is a lightweight C# .NET package for tracking unusual behavior on endpoints. It monitors key metrics such as login frequency, IP changes, and access patterns, and alerts the system when it detects deviations from baseline behavior. Prometheus-Monitor is ideal for enhancing endpoint security by identifying potential security threats through behavioral analysis.
4 |
5 | ## Key Features
6 |
7 | - **Behavioral Monitoring**: Tracks user actions and key metrics to detect unusual behavior.
8 | - **Alerts for Anomalies**: Notifies the system if deviations from normal patterns are detected.
9 | - **Configurable Metrics**: Easily configure which metrics to track, such as login frequency, IP address changes, and access patterns.
10 | - **Lightweight**: Minimal performance overhead, making it ideal for applications with real-time monitoring needs.
11 |
12 | ## Getting Started
13 |
14 | ### Installation
15 |
16 | Install Prometheus-Monitor via NuGet Package Manager Console:
17 |
18 | ```bash
19 | Install-Package Prometheus-Monitor
20 | ```
21 |
22 | Or, add it to your .csproj file:
23 | ```xml
24 |
25 | ```
26 |
27 | ### Setup and Configuration
28 |
29 | To start monitoring, initialize Prometheus-Monitor in your application’s startup file (e.g., Startup.cs) and configure the metrics and alert thresholds you want to track.
30 | ```csharp
31 | // Startup.cs
32 | using PrometheusMonitor;
33 |
public class Startup
{
    // Registers Prometheus-Monitor with all three trackers switched on and the example alert limits.
    // NOTE(review): AddPrometheusMonitor and its options type are not defined in any of the
    // source files shown in this repository listing - confirm they exist in the package you install.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddPrometheusMonitor(monitorOptions =>
        {
            // Example values only.
            var exampleThresholds = new AlertThresholds
            {
                LoginFrequencyThreshold = 5,  // alert if login frequency exceeds 5 per minute
                IPChangeThreshold = 3,        // alert if the IP changes more than 3 times in an hour
                AccessPatternDeviation = 0.2  // a 20% deviation from the normal access pattern triggers an alert
            };

            monitorOptions.TrackLoginFrequency = true;  // track login frequency
            monitorOptions.TrackIPChanges = true;       // track IP address changes
            monitorOptions.TrackAccessPatterns = true;  // track user access patterns
            monitorOptions.AlertThresholds = exampleThresholds;
        });
    }
}
52 | ```
53 |
54 | ## Usage
55 | Prometheus-Monitor can be integrated within your application to log user actions and detect suspicious behavior automatically.
56 |
57 | ## Example: Tracking Login Frequency and Detecting Anomalies
58 | In this example, Prometheus-Monitor tracks login frequency, IP changes, and access patterns. If any metric deviates from its baseline, the system can log the incident or take action as configured.
59 | ```csharp
60 | using PrometheusMonitor;
61 |
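public class UserActivityService
{
    private readonly IPrometheusMonitor _prometheusMonitor;

    /// <summary>Stores the monitor that <see cref="TrackLogin"/> reports to.</summary>
    /// <param name="prometheusMonitor">Monitor instance, normally supplied by dependency injection.</param>
    /// <exception cref="ArgumentNullException"><paramref name="prometheusMonitor"/> is null.</exception>
    public UserActivityService(IPrometheusMonitor prometheusMonitor)
    {
        // Fail at construction instead of with a NullReferenceException on the first login.
        _prometheusMonitor = prometheusMonitor ?? throw new ArgumentNullException(nameof(prometheusMonitor));
    }

    /// <summary>
    /// Records a login with the monitor and writes a console line when the monitor
    /// reports an anomaly for that user.
    /// </summary>
    /// <param name="userId">Identifier of the user who logged in.</param>
    /// <param name="ipAddress">Address the login came from, passed through to the monitor unchanged.</param>
    public void TrackLogin(string userId, string ipAddress)
    {
        _prometheusMonitor.LogLogin(userId, ipAddress);

        if (_prometheusMonitor.DetectAnomalies(userId))
        {
            // Handle detected anomaly, such as alerting or logging the incident.
            // userId arrives with the login request, so control characters and line
            // separators are neutralised before it is written: otherwise a crafted
            // identifier could inject extra, forged lines into the output.
            Console.WriteLine("Unusual behavior detected for user: " + SanitizeForLog(userId));
        }
    }

    // Replaces control characters and Unicode line/paragraph separators with '_' so the
    // value always stays on one output line. Null or empty input yields an empty string,
    // which matches what string concatenation did with a null userId before.
    private static string SanitizeForLog(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }

        char[] chars = value.ToCharArray();
        for (int i = 0; i < chars.Length; i++)
        {
            char c = chars[i];
            if (char.IsControl(c) || c == '\u2028' || c == '\u2029')
            {
                chars[i] = '_';
            }
        }

        return new string(chars);
    }
}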
82 | ```
83 | ## Example Scenarios
84 | 1. Login Frequency Monitoring: Alerts the system if a user logs in unusually often within a short time, which might indicate a brute-force attempt.
85 | 2. IP Address Change Tracking: Flags accounts with frequent IP changes, which could suggest account-sharing or potential hijacking.
86 | 3. Access Pattern Analysis: Detects significant deviations from typical user access patterns, such as unusual file access or directory browsing.
87 |
88 | ## Contributing
89 | We welcome contributions! Please open an issue or submit a pull request if you have suggestions or improvements.
90 |
91 | ## License
92 | This project is licensed under the MIT License - see the LICENSE file for details.
93 |
94 | ## Contact
95 | For questions or feedback, please contact [menfra@menfra.de].
96 |
97 |
98 |
99 |
--------------------------------------------------------------------------------
/prometheus-monitor.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.8.34330.188
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "prometheus-monitor", "prometheus-monitor\prometheus-monitor.csproj", "{5B71C93B-7D5E-41F4-9B8B-56E86DF9F59D}"
7 | EndProject
8 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{E1415D38-E0D5-4054-B68F-C7386017FB76}"
9 | ProjectSection(SolutionItems) = preProject
10 | README.md = README.md
11 | EndProjectSection
12 | EndProject
13 | Global
14 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
15 | Debug|Any CPU = Debug|Any CPU
16 | Release|Any CPU = Release|Any CPU
17 | EndGlobalSection
18 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
19 | {5B71C93B-7D5E-41F4-9B8B-56E86DF9F59D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
20 | {5B71C93B-7D5E-41F4-9B8B-56E86DF9F59D}.Debug|Any CPU.Build.0 = Debug|Any CPU
21 | {5B71C93B-7D5E-41F4-9B8B-56E86DF9F59D}.Release|Any CPU.ActiveCfg = Release|Any CPU
22 | {5B71C93B-7D5E-41F4-9B8B-56E86DF9F59D}.Release|Any CPU.Build.0 = Release|Any CPU
23 | EndGlobalSection
24 | GlobalSection(SolutionProperties) = preSolution
25 | HideSolutionNode = FALSE
26 | EndGlobalSection
27 | GlobalSection(ExtensibilityGlobals) = postSolution
28 | SolutionGuid = {B51678FF-7EBF-4135-A1B7-CE6878D0EF6F}
29 | EndGlobalSection
30 | EndGlobal
31 |
--------------------------------------------------------------------------------
/prometheus-monitor/Alerts/AlertThresholds.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Text;
4 |
namespace prometheus_monitor.Alerts
{
    /// <summary>
    /// Settings holder for the three alert limits: login frequency, IP changes and
    /// access-pattern deviation.
    /// </summary>
    /// <remarks>
    /// NOTE(review): values are stored unchecked, so zero, negative numbers and
    /// <see cref="double.NaN"/> are all accepted. A comparison against NaN is always false,
    /// so code that consumes these limits should validate them before relying on them to
    /// raise an alert.
    /// </remarks>
    public class AlertThresholds
    {
        private int _loginFrequencyThreshold;
        private int _ipChangeThreshold;
        private double _accessPatternDeviation;

        /// <summary>
        /// Login-frequency limit. The README example sets 5 and describes it as logins per
        /// minute; nothing in this class fixes the unit.
        /// </summary>
        public int LoginFrequencyThreshold
        {
            get => _loginFrequencyThreshold;
            set => _loginFrequencyThreshold = value;
        }

        /// <summary>
        /// IP-change limit. The README example sets 3 and describes it as changes per hour;
        /// nothing in this class fixes the unit.
        /// </summary>
        public int IPChangeThreshold
        {
            get => _ipChangeThreshold;
            set => _ipChangeThreshold = value;
        }

        /// <summary>
        /// Access-pattern deviation limit. The README example uses 0.2 to mean a 20% deviation.
        /// </summary>
        public double AccessPatternDeviation
        {
            get => _accessPatternDeviation;
            set => _accessPatternDeviation = value;
        }
    }
}
14 |
--------------------------------------------------------------------------------
/prometheus-monitor/Service/IPrometheusMonitor.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Text;
4 |
namespace prometheus_monitor.Service
{
    /// <summary>
    /// Contract with two operations: record a login for a user, and ask whether a
    /// user's activity counts as anomalous.
    /// </summary>
    public interface IPrometheusMonitor
    {
        /// <summary>Records a login for <paramref name="userId"/> from <paramref name="ipAddress"/>.</summary>
        /// <param name="userId">Identifier of the user who logged in.</param>
        /// <param name="ipAddress">
        /// Source address as a string. NOTE(review): the contract does not say whether the
        /// value is validated or normalised; callers should pass an address they trust, since
        /// one copied from a client-supplied header is under the client's control.
        /// </param>
        void LogLogin(string userId, string ipAddress);

        /// <summary>Reports whether anomalies were found for <paramref name="userId"/>.</summary>
        /// <param name="userId">Identifier of the user to evaluate.</param>
        /// <returns>
        /// A boolean; the README usage treats <c>true</c> as "unusual behavior detected".
        /// The PrometheusMonitor class in this repository listing always returns <c>false</c>.
        /// </returns>
        bool DetectAnomalies(string userId);
    }
}
13 |
--------------------------------------------------------------------------------
/prometheus-monitor/Service/PrometheusMonitor.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Text;
4 |
namespace prometheus_monitor.Service
{
    /// <summary>
    /// Placeholder implementation of <see cref="IPrometheusMonitor"/>: it records nothing
    /// and never reports an anomaly.
    /// </summary>
    /// <remarks>
    /// NOTE(review): because <see cref="DetectAnomalies"/> is hard-wired to <c>false</c>,
    /// a caller cannot tell "no anomaly" from "no detection performed". Do not rely on this
    /// class as a security control until the logic is implemented.
    /// </remarks>
    public class PrometheusMonitor : IPrometheusMonitor
    {
        /// <summary>Intended to log a login attempt; the body is currently empty.</summary>
        /// <param name="userId">Identifier of the user who logged in (unused).</param>
        /// <param name="ipAddress">Source address of the login (unused).</param>
        public void LogLogin(string userId, string ipAddress)
        {
            // No implementation yet: the login is not stored anywhere.
        }

        /// <summary>
        /// Intended to detect anomalies based on login frequency, IP changes, etc.;
        /// currently returns <c>false</c> for every input.
        /// </summary>
        /// <param name="userId">Identifier of the user to evaluate (unused).</param>
        /// <returns>Always <c>false</c>.</returns>
        public bool DetectAnomalies(string userId) => false;
    }
}
21 |
--------------------------------------------------------------------------------
/prometheus-monitor/prometheus-monitor.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 | netstandard2.1
4 | prometheus_monitor
5 | enable
6 | Prometheus-Monitor is a lightweight C# .NET package for tracking unusual behavior on endpoints.
7 | behavioral analysis; endpoint security; login monitoring; IP tracking; .NET
8 | Frank Mensah
9 | Frank Mensah
10 | menfra.prometheus-monitor
11 | README.md
12 | 3.0.3
13 | MIT
14 | https://github.com/menfra/prometheus-monitor
15 | git
16 |
17 |
18 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------