The Login Probe converts the login operations log of a secured application in the Datacentre into FINSTIX x-event and x-agent instance objects, which are pushed into the Data Layer.
The goal is to allow the Anomaly Detection service to check whether someone is logging in without having physically accessed the Datacentre. Such a situation is considered malicious, since it can indicate a remote login (deprecated for the secured app) or credentials that have been stolen or shared with another user. To do this, the inputs from the Login Probe are correlated with those of the Access Control Probe within a certain timespan.
Since the Login Probe only deals with simulated operations, its high-level architecture consists of a Python script that locally reads the .csv logs, which are manually generated to test the environment. The code is therefore developed as a log reader that generates x-events and x-agents and pushes them into the FINSEC Data Layer through the Data Collector. While pushing the data, the probe uses the FINSEC authentication service to authenticate itself to the platform.
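
An added example, not part of the FINSEC code base, sketching the correlation described above in Python: it reads constructed login and access-control .csv logs and returns the logins that are not preceded by a physical access of the same user within the timespan. The CSV column names, the one-hour window and the rule that only successful logins are checked are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample logs; column names are assumptions, not the probe's real schema.
LOGIN_CSV = """timestamp,user,result
2020-03-02T09:05:00,alice,success
2020-03-02T09:40:00,bob,success
2020-03-02T23:10:00,alice,success
2020-03-02T10:00:00,carol,failure
"""
ACCESS_CSV = """timestamp,user,door
2020-03-02T08:50:00,alice,dc-main
2020-03-02T14:00:00,bob,dc-main
"""

def read_rows(text):
    """Parse a CSV log into dicts whose 'timestamp' is a datetime."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        rows.append(row)
    return rows

def logins_without_access(logins, accesses, window=timedelta(hours=1)):
    """Return (user, time) for each successful login that has no physical
    access by the same user in the `window` before the login."""
    badge_ins = {}
    for access in accesses:
        badge_ins.setdefault(access["user"], []).append(access["timestamp"])
    suspicious = []
    for login in logins:
        if login["result"] != "success":
            continue  # assumption: failed logins are out of scope here
        # An access after the login (negative delta) does not count.
        preceded = any(
            timedelta(0) <= login["timestamp"] - t <= window
            for t in badge_ins.get(login["user"], [])
        )
        if not preceded:
            suspicious.append((login["user"], login["timestamp"].isoformat()))
    return suspicious

if __name__ == "__main__":
    hits = logins_without_access(read_rows(LOGIN_CSV), read_rows(ACCESS_CSV))
    for user, ts in hits:
        print(f"login without physical access: {user} at {ts}")
```

The window length decides how long a badge-in keeps a user "present"; a deployment that also records exits could bound presence by the exit event instead.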