Today we’ve released the first version of the Data Analysis component, code named Analytics Scripts. The primary idea behind the project is to enable analysis of data such as WebAPILogs and Activated Machines, and thus be able to spot suspicious behaviour and take appropriate measures.
There are two main pages that are associated with this project:
- Search – where the query is entered and the result is obtained
- Snippets List – where example query can be found
Let’s get started right away. Our task is to see the licenses that were unsuccessfully activated today. Fortunately, an example of this is shown here.
When you press run, you will be redirected to search page, hopefully with some results. If you don’t get any results, you could try removing the time constraint, i.e. typing Logs.Where(x=> x.State % 100 >= 20). Here are some sample results:
Once the script has executed, you will see the product, the key (if available) and the IP address that sent the request. Based on this, you should be able to block certain keys, IPs, etc.
The concept behind the queries (aka scripts) might not be easy to grasp right away. A good start is to have a look the license search functionality, however, the best tip is to understand the return parameters used in WebAPILogs and Activated Machines.
Let’s look at the query above, i.e. Logs.Where(x=> x.Time >= today and x.State % 100 >= 20) . “Logs” refers to WebAPILogs, which has return parameters (here, we use UserLog model) Pid, Key, IP, Time and State. Note, if we would have used “Activations”, which refers to Activated Machines, we would have used mid, IP and Time instead.
So, since Time is straightforward (more info here), let’s look at the State. As described in the Web API, the third digit in a state states whether the request is successful or unsuccessful, i.e. 2020 means an activation was unsuccessful, whereas 2010 and 2011 mean that an activation was successful. Therefore, we can use the modulus operator, %, to extract the last to digits, and then check if these digits are greater than or equal to 20, which implies the request was unsuccessful. Everything that is less than 20 is a successful request, which may be useful in other queries.
Note, it’s perfectly fine to combine queries together (several queries inside each other), as shown in this example.
Logs.Where(x => x.State % 100 >= 20 and Logs.Count(y => y.IP == x.IP ) > 10)
This project is still in its earliest phase, so if you would have any ideas, please let us know!