# Ruby SDK for user monitoring

Sqreen protects your application users against major threats, such as account takeover, password brute force, and suspicious activity coming from Tor or an unusual VPN.

Sqreen supports Devise out of the box for automatic user context. If you are using Devise, you do not need to change anything, as long as you have selected the automatic mode in your application settings.

Advanced User Context lets you set up user monitoring in your application with more flexibility and additional features. For that, you need to integrate the Sqreen SDK in your application.

## User monitoring SDK

The Sqreen SDK integration relies on three methods: `signup_track`, `auth_track` and `identify`. Here is a full implementation example:

```ruby
require 'sqreen'

class SessionsController < ApplicationController
  def create
    user = login(params[:email], params[:password])
    # Report every login attempt, successful or not, keyed on the submitted identifier
    Sqreen.auth_track(!user.nil?, email: params[:email])
    # ....
  end
end

class UsersController < ApplicationController
  def create
    # Permit the attributes explicitly: strong parameters reject an unpermitted hash
    # (the permitted attribute names are an assumption about your User model)
    user_params = params.require(:user).permit(:email, :password)
    user = User.create!(user_params)
    Sqreen.signup_track(email: user_params[:email])
    # ....
  end
end

class ApplicationController < ActionController::Base
  before_action :tag_request

  private

  # Map the authenticated user to the current request on every action
  def tag_request
    if current_user
      Sqreen.identify(email: current_user.email)
    end
  end
end
```

## Login tracking

`Sqreen.auth_track` is the SDK method to call on user login activity.

```ruby
require 'sqreen'

Sqreen.auth_track(is_login_successful, email: user.email)
```

The `auth_track` function accepts two positional arguments:

```ruby
def auth_track(success, user_identifiers)
```

The first argument is a boolean indicating whether the login attempt was successful (`true` or `false`). The second argument is a Hash with your user identification information. It is used in Sqreen's user interface to help you identify which users are at risk, or which are attacking your application. The hash keys and values should only be strings.
> **Sqreen integration at signup and login.** You should not call `Sqreen.auth_track` each time you check a user session in your application.

## Signup tracking

`Sqreen.signup_track` is the SDK method to call when creating a new user account at signup.

```ruby
require 'sqreen'

Sqreen.signup_track(email: user.email)
```

The `signup_track` function accepts a single argument:

```ruby
def signup_track(user_identifiers)
```

`user_identifiers` is a Hash representing your user identification information. It is used in Sqreen's user interface to help you identify which users are at risk, or which are attacking your application. The hash keys and values should only be strings.

## Session tracking

`Sqreen.identify` is the SDK method to map a user to the current HTTP request.

> **Block users with security automation.** Implementing the `identify` method is required to block users with Security Automation.

When the request is not identified using this method, Sqreen falls back to login tracking information to map a user. This is a best-effort approach based on the recent activity of users on the request's IP addresses.

The `identify` function accepts two arguments:

```ruby
def identify(user_identifiers, traits = {})
```

The first argument is a Hash representing your user identification information. It is used in Sqreen's user interface to help you identify which users are at risk, or which are attacking your application. The second argument is an optional Hash of traits about the user. The hash keys and values should only be strings.

> **User traits.** At the moment, we do not display nor process the traits. In the near future, we'll display them to facilitate attack investigation and allow you to build custom workflows. Interested in this feature? Contact us.

## Block users (Security Automation)

When using the Security Automation built-in "block user" security response, you should implement the `identify` and `auth_track` methods to block users at login or during their session. Otherwise, Sqreen will not be able to map a user context to requests performed on your application.
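To make the division of labour between the three calls concrete, here is an added example (not code from the Sqreen documentation or gem) that drives a signup, a failed and a successful login, and several authenticated requests through a small flow object. `RecordingSqreen` is a test double with the same three method signatures as the SDK, so the example runs without the gem and lets you inspect exactly which call fires when; `UserStore`, `AccountFlow` and the sample account are constructed for this example.

```ruby
# Added example: shows when each Sqreen SDK call fires in a login/signup/request flow.
# RecordingSqreen is a test double standing in for the real `Sqreen` module so the
# example runs without the gem; the user store and sample account are constructed.
require 'digest'

# Stand-in for Sqreen with the documented method signatures; records every call.
class RecordingSqreen
  attr_reader :calls

  def initialize
    @calls = []
  end

  def auth_track(success, user_identifiers)
    @calls << [:auth_track, success, user_identifiers]
  end

  def signup_track(user_identifiers)
    @calls << [:signup_track, user_identifiers]
  end

  def identify(user_identifiers, traits = {})
    @calls << [:identify, user_identifiers, traits]
  end
end

# Minimal user store (constructed). Passwords are kept as salted SHA-256 digests only
# so the example has a realistic check; use bcrypt or a similar KDF in real code.
class UserStore
  SALT = 'example-salt'.freeze

  def initialize
    @users = {}
  end

  def signup(email, password)
    @users[email] = Digest::SHA256.hexdigest(SALT + password)
    email
  end

  def authenticate(email, password)
    digest = @users[email]
    digest && digest == Digest::SHA256.hexdigest(SALT + password) ? email : nil
  end
end

# Application glue: one place for each monitoring event.
class AccountFlow
  def initialize(sqreen, store)
    @sqreen = sqreen
    @store = store
  end

  # Signup: report the new account once it is created.
  def signup(email, password)
    user = @store.signup(email, password)
    @sqreen.signup_track(email: user)
    user
  end

  # Login attempt: report success and failure alike, keyed on the submitted email.
  def login(email, password)
    user = @store.authenticate(email, password)
    @sqreen.auth_track(!user.nil?, email: email)
    user
  end

  # Per-request hook (a before_action in Rails): map the session's user to the
  # request without calling auth_track, which is reserved for login attempts.
  def handle_request(session_user)
    @sqreen.identify(email: session_user) if session_user
    session_user
  end
end

# Drive the flow once so the ordering of SDK calls is visible.
def demo_calls
  sqreen = RecordingSqreen.new
  flow = AccountFlow.new(sqreen, UserStore.new)
  flow.signup('alice@example.com', 'correct horse')
  flow.login('alice@example.com', 'wrong guess')          # failed attempt
  user = flow.login('alice@example.com', 'correct horse') # successful attempt
  3.times { flow.handle_request(user) }                   # three authenticated requests
  sqreen.calls
end

puts demo_calls.map(&:inspect) if $PROGRAM_NAME == __FILE__
```

Running `demo_calls` yields one `signup_track`, two `auth_track` entries (`false` then `true`, both with the same identifier hash) and three `identify` entries; the session checks never add to the `auth_track` count, which is the point of the note above.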
Learn more about login and session tracking.

## User identification

If your users can be identified with a single value (email, nickname, ...), you can proceed that way:

```ruby
Sqreen.auth_track(true, email: user.email)
```

> **User monitoring and PII.** If you are concerned about sending sensitive data to us and not leaking any Personally Identifiable Information (PII), visit this blog post to learn some best practices around user tracking.

If your users are identified with a composite primary key (multiple values), all of them should be sent so that they can be identified accurately in Sqreen's user interface. For example, if you are operating a white-label platform and your users are identified by their email and the shop ID, you can send these identifiers like this:

```ruby
# Values must be strings, so the numeric shop ID is converted explicitly
Sqreen.auth_track(true, email: user.email, platform_id: platform.id.to_s)
```

This also applies to the `signup_track` and `identify` functions.

> **Sqreen SDK only accepts user identifiers.** Do not send any other information (such as the authentication failure reason). Sqreen will consider it part of the user identifier, and will not be able to merge successful and failed authentications for the same user.

## Primary key

Sqreen tries to determine a primary key amongst the keys you provide. The following keywords are used to determine the user's primary identification key: `email`, `mail`, `e-mail`, `username`, `login`. If none of those keys is found, Sqreen uses the first key in alphabetical order. If several of them are found, Sqreen uses the first one in the sequence listed above.
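The two rules above, identifiers only (all strings, nothing like a failure reason) and the documented primary-key order, are easy to get wrong in the call site itself, so here is an added example (not code from the Sqreen documentation or gem) that builds the identifier Hash before it reaches the SDK and reproduces the primary-key selection so you can see which key Sqreen would pick. The `IDENTIFIER_KEYS` allowlist and the sample input are constructed assumptions for the example; `PRIMARY_KEY_PRIORITY` is the order stated in the section above.

```ruby
# Added example: build the identifier Hash the SDK expects (string keys and values,
# identifiers only) and reproduce the documented primary-key selection order.

# Documented priority: these names win, in this order; otherwise the first key
# in alphabetical order is used.
PRIMARY_KEY_PRIORITY = %w[email mail e-mail username login].freeze

# Keys your application treats as user identifiers (assumption: adapt to your model).
IDENTIFIER_KEYS = %w[email platform_id].freeze

# Coerce keys and values to strings and drop anything that is not an identifier,
# e.g. an auth failure reason, which would otherwise split a user's auth history
# into separate "users" in Sqreen.
def build_identifiers(raw, allowed: IDENTIFIER_KEYS)
  raw.each_with_object({}) do |(key, value), ids|
    name = key.to_s
    next unless allowed.include?(name)
    next if value.nil?
    ids[name] = value.to_s
  end
end

# Pick the primary key the way the documentation describes.
def primary_key(identifiers)
  keys = identifiers.keys.map(&:to_s)
  return nil if keys.empty?
  PRIMARY_KEY_PRIORITY.find { |k| keys.include?(k) } || keys.min
end

# Walk through the cases: composite key with a stray non-identifier, no priority
# keyword present, and several priority keywords present at once.
def demo
  composite = build_identifiers({ email: 'bob@example.com', platform_id: 42, reason: 'bad password' })
  {
    composite: composite,                                                       # reason dropped, 42 => "42"
    composite_pk: primary_key(composite),                                       # "email"
    no_keyword_pk: primary_key({ 'platform_id' => '42', 'account' => 'b' }),    # "account" (alphabetical)
    several_pk: primary_key({ 'login' => 'bob', 'username' => 'bobby', 'mail' => 'm' }) # "mail" (priority order)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Pass the result of `build_identifiers` as the identifier argument of `auth_track`, `signup_track` and `identify`; because the same allowlist is applied on every path, the successful and failed attempts for one account always carry the same key set and merge correctly.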