Having a need to create "Instrusion Detection" alert for example:
X number for sessions from same user in x amount of time
x executions of a url by same user in x time.
Can I have suggestion how to set up to accomplish the purpose?
DCRUM is not intended as an Intrusion Detection tool; it is a performance monitoring tool.
That said, an alert based on username and URL, with operation count greater than X as the alert threshold, is likely as close as you will get in DCRUM. this will throw an alert anytime the operation count in an interval for a specific user exceeds the specified threshold.