I initied desenvolve scripts to extract the autentication events from Windows Active Directory and return the users ip addresses to an DB (PostgreSQL), but i dont have time to continue to develop. To any interested, the GitHub link:
https://github.com/celsolom/openwinsso (https://github.com/celsolom/openwinsso)
PS: The scripts retrieve logon events from users on groups in a csv file, return his ip addresses to a DB and check if continues connected on pc.
When i developing i think to use this with pfsense and squidGuard, allowing to create filters and rules by user and groups (using tables of pf and config reloads on squidGuard).