---
tags: Setup
---
# Lecture 23 Setup/Prep
Was Lecture 22 in Spring 21
## Design Problem: Managing Security Alerts
Real-world systems that manage sensitive information often keep logs of users' actions and check whether patterns in those actions suggest inappropriate activity. For example, many failed login attempts for a particular username can suggest an attack. A user suddenly saving many large files could mean that someone is copying data that they shouldn't otherwise be able to manipulate. These are two of many examples.
These systems have several key components:
- A database (or data structure) of the actions that users have taken in the system. We'll call this the *Event Log*.
- A mechanism for processing the log and generating *alerts* about patterns of activity.
- A data structure for managing alerts, so the security staff can prioritize the most serious alerts first.
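
To make the second component concrete, here is an added example (not the course's `Alert.scala`) that scans a list-based event log for the two patterns mentioned above. The `Event` and `Alert` shapes, the severity numbers and the thresholds are all assumptions made for illustration.

```scala
// Added example. Event and Alert shapes are assumptions, not the course's Alert.scala.
sealed trait Event { def user: String; def time: Long }          // time = seconds
case class LoginFailed(user: String, time: Long) extends Event
case class FileSaved(user: String, time: Long, bytes: Long) extends Event

case class Alert(user: String, reason: String, severity: Int)    // higher = more urgent

object AlertRules {
  // Rule 1: `threshold` or more failed logins for one username within `windowSecs`.
  def failedLoginAlerts(log: List[Event], threshold: Int, windowSecs: Long): List[Alert] = {
    val failures = log.collect { case LoginFailed(u, t) => (u, t) }
    failures.groupBy(_._1).toList.sortBy(_._1).flatMap { case (user, hits) =>
      val times = hits.map(_._2).sorted
      // Slide a window of `threshold` consecutive failures over the sorted timestamps.
      val burst = times.sliding(threshold).exists { w =>
        w.size == threshold && w.last - w.head <= windowSecs
      }
      if (burst) Some(Alert(user, s"at least $threshold failed logins in ${windowSecs}s", 2))
      else None
    }
  }

  // Rule 2: one user saves more than `limitBytes` in total within `windowSecs`.
  def bulkSaveAlerts(log: List[Event], limitBytes: Long, windowSecs: Long): List[Alert] = {
    val saves = log.collect { case FileSaved(u, t, b) => (u, t, b) }
    saves.groupBy(_._1).toList.sortBy(_._1).flatMap { case (user, hits) =>
      // For each save, total the bytes saved in the window that starts at that save.
      val burst = hits.exists { case (_, start, _) =>
        hits.collect { case (_, t, b) if t >= start && t - start <= windowSecs => b }.sum > limitBytes
      }
      if (burst) Some(Alert(user, s"more than $limitBytes bytes saved in ${windowSecs}s", 3))
      else None
    }
  }
}

object Demo {
  def main(args: Array[String]): Unit = {
    // Constructed sample log, not real data.
    val log: List[Event] = List(
      LoginFailed("alice", 100), LoginFailed("alice", 110), LoginFailed("alice", 125),
      LoginFailed("bob", 100), LoginFailed("bob", 900),
      FileSaved("carol", 200, 600000000L), FileSaved("carol", 230, 700000000L),
      FileSaved("bob", 300, 4096L)
    )
    val alerts = AlertRules.failedLoginAlerts(log, 3, 60) ++
      AlertRules.bulkSaveAlerts(log, 1000000000L, 60)
    alerts.foreach(println)
  }
}
```

The rules hand back alerts in whatever order they were generated; how to hold them so that staff always see the most serious one next is the open question for the third component.
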
We will be discussing data structures for Alerts. What operations will we need to support?
- Quickly retrieve the next highest priority alert to process and delete it from the collection of pending alerts
- Frequently insert new alerts that need to be processed (in order of highest to lowest priority)
## Prep
Look at this [code file](https://brown-cs18-master.github.io/content/lectures/22heapsIntro/Alert.scala) (with sample classes for `Alerts`, `Events`, and a list-based implementation of an `EventLog`). Note any questions you have about it.
- Consider the choice of lists as a data structure for the `EventLog`.
We'll start lecture in breakouts where you'll brainstorm a data structure for managing the alerts.