🏠 Overview 🧩 Components 🧩 Anomaly Detection Service

Anomaly Detection Service

Component Detail

Service Layer medium complexity backend
1
Dependencies
0
Dependents
2
Entities
0
Integrations

Description

Lightweight rule-based service that evaluates authentication and session events against configurable thresholds to flag suspicious activity patterns. Detects brute-force login attempts, concurrent sessions from different geographies, and off-hours access.

Feature: Security Dashboard

anomaly-detection-service

Responsibilities

  • Evaluate login attempt frequency against per-org brute-force thresholds
  • Detect concurrent sessions originating from geographically disparate IP ranges
  • Flag access events outside configured business hours per organization
  • Produce scored Alert records for consumption by SecurityMonitoringService

Interfaces

analyzeAuthEvents(events: AuthEvent[], thresholds: AlertThresholds): Alert[]
analyzeSessionPatterns(sessions: Session[], config: OrgConfig): SessionAnomaly[]

Relationships

Dependencies (1)

Components this component depends on

data Security Metrics Repository

Related Data Entities (2)

Data entities managed by this component

Audit Log 17 fields audit Session 19 fields core