Create a mechanism that analyzes logs to detect unauthorized behavior in cases where information leakage, unauthorized access, or other such activity is suspected. Analyses should include those shown below.
Analyze session information of logs from the perspectives below to detect unauthorized logins:
Trend of sessions with a large number of failed login attempts
Trend of sessions with accounts that are logged in for long periods of time
Trend of sessions in which a large amount of resources is used
Analyze SQL statements from the perspectives below to detect unauthorized access to the database:
Trend of SQL being executed over a long period of time
Trend of SQL using a large amount of resources
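The session and SQL analyses listed above, as an added example that is not part of the original guideline. The records are constructed, the field names are assumptions about what the audit log exports, and treating "large" or "long" as anything above median + k * MAD of the observed values is an assumed baseline method.

```python
from statistics import median

# Constructed sample records (not real audit data); field names are assumptions.
SESSIONS = [
    {"id": "s1", "account": "app",   "failed_logins": 0,  "duration_s": 620,   "cpu_s": 12},
    {"id": "s2", "account": "app",   "failed_logins": 1,  "duration_s": 540,   "cpu_s": 9},
    {"id": "s3", "account": "batch", "failed_logins": 0,  "duration_s": 700,   "cpu_s": 15},
    {"id": "s4", "account": "dba",   "failed_logins": 42, "duration_s": 580,   "cpu_s": 11},
    {"id": "s5", "account": "dba",   "failed_logins": 0,  "duration_s": 86400, "cpu_s": 14},
    {"id": "s6", "account": "app",   "failed_logins": 1,  "duration_s": 660,   "cpu_s": 900},
]
SQL_STATEMENTS = [
    {"id": "q1", "session": "s1", "elapsed_s": 0.4,    "cpu_s": 0.2},
    {"id": "q2", "session": "s2", "elapsed_s": 0.6,    "cpu_s": 0.3},
    {"id": "q3", "session": "s3", "elapsed_s": 0.5,    "cpu_s": 0.2},
    {"id": "q4", "session": "s5", "elapsed_s": 1800.0, "cpu_s": 0.4},
    {"id": "q5", "session": "s6", "elapsed_s": 0.7,    "cpu_s": 650.0},
]

def outliers(records, field, k=5.0, floor=1.0):
    """Return ids of records whose `field` exceeds median + k * MAD.

    The median absolute deviation (MAD) keeps a few extreme values from
    raising the baseline, which a mean/stddev cutoff would allow.
    `floor` is a minimum spread so that near-identical normal values
    (MAD close to 0) do not cause tiny differences to be flagged.
    """
    values = [r[field] for r in records]
    med = median(values)
    mad = median(abs(v - med) for v in values)
    limit = med + k * max(mad, floor)
    return [r["id"] for r in records if r[field] > limit]

def analyze(sessions, statements):
    """Run each analysis from the guideline and return flagged ids per check."""
    return {
        "failed_logins":  outliers(sessions, "failed_logins"),
        "long_sessions":  outliers(sessions, "duration_s", floor=60),
        "heavy_sessions": outliers(sessions, "cpu_s"),
        "long_sql":       outliers(statements, "elapsed_s"),
        "heavy_sql":      outliers(statements, "cpu_s"),
    }

if __name__ == "__main__":
    for check, ids in analyze(SESSIONS, SQL_STATEMENTS).items():
        print(f"{check}: {ids}")
```

Running the same checks over successive time windows and comparing the flagged counts gives the trend view; the `session` field on each SQL record lets a flagged statement be tied back to the session and account that issued it.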