Does anyone here know of any software that can be used to analyze the CDR for suspicious activity [on a busy system]? I have a client who has just learned the hard way about security. Someone was able to connect to their box and use it for long distance and international telemarketing. Luckily the carrier picked it up and started ringing alarm bells, leading them to, among other things, seek a new consultant. I have secured everything and after a week of monitoring, all is good. I have implemented monitors to attempt to catch IP-based connections [e.g. hijacked extensions] which can be automatically shut down using fail2ban etc.
I would now like to monitor the CDR system for unusual call patterns. I have been examining the large CDR database and have a number of obvious patterns I can write a monitoring program to catch. My interest is the last line of defense: analysis of the CDR to find patterns such as a predictive dialer might leave [e.g. rapid outbound calls that are to the same area code, lots of calls of the same short length, sudden upsurge in calls to a specific geographic region]. Are there any open source solutions for this?
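
Added example, not part of the original post: a sketch of two of the CDR checks named above (rapid outbound calls to one area code, and many calls of the same short length), run over constructed rows. The column layout `(calldate, src, dst, duration)`, the NANP-style area-code parsing, and all thresholds are assumptions to tune against a site's own baseline.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample CDR rows: (calldate, src extension, dst number, duration s).
def sample_cdr():
    t0 = datetime(2024, 1, 8, 2, 0, 0)
    rows = [(t0 + timedelta(seconds=20 * i), "104", f"1809555{i:04d}", 6 + i % 2)
            for i in range(30)]                      # dialer-like burst from ext 104
    rows += [(t0 + timedelta(minutes=17 * i), "101", f"1212555{i:04d}", 45 + 60 * i)
             for i in range(8)]                      # ordinary traffic from ext 101
    return rows

def area_code(dst):
    """Assumed NANP format: strip a leading 1, take the next three digits."""
    digits = dst.lstrip("+")
    return digits[1:4] if digits.startswith("1") and len(digits) == 11 else digits[:3]

def rapid_same_area(rows, max_calls=10, window=timedelta(minutes=5)):
    """Flag (src, area code) pairs placing more than max_calls calls inside window."""
    times = defaultdict(list)
    for when, src, dst, _ in sorted(rows):
        times[(src, area_code(dst))].append(when)
    flagged = {}
    for key, ts in times.items():
        lo = 0
        for hi, t in enumerate(ts):
            while t - ts[lo] > window:               # slide the window start forward
                lo += 1
            if hi - lo + 1 > max_calls:
                flagged[key] = max(flagged.get(key, 0), hi - lo + 1)
    return flagged

def uniform_short_calls(rows, short=15, min_calls=20, share=0.8):
    """Flag sources whose calls are mostly short and cluster on one duration (+/-1 s)."""
    durs = defaultdict(list)
    for _, src, _, dur in rows:
        durs[src].append(dur)
    flagged = {}
    for src, ds in durs.items():
        mode = Counter(ds).most_common(1)[0][0]      # most frequent duration
        near = sum(1 for d in ds if abs(d - mode) <= 1 and d <= short)
        if len(ds) >= min_calls and near / len(ds) >= share:
            flagged[src] = (mode, near, len(ds))     # (typical duration, matches, total)
    return flagged

if __name__ == "__main__":
    cdr = sample_cdr()
    print("rapid same-area bursts:", rapid_same_area(cdr))
    print("uniform short calls:  ", uniform_short_calls(cdr))
```

Either function's output can drive an alert or a fail2ban-style action; the regional upsurge check would additionally need a per-prefix baseline from historical CDR data.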