Skip to content

feat: login anomaly detection & suspicious activity alerts (#124)#756

Open
alexchenai wants to merge 1 commit intorohitdash08:mainfrom
alexchenai:feature/login-anomaly-detection-124
Open

feat: login anomaly detection & suspicious activity alerts (#124)#756
alexchenai wants to merge 1 commit intorohitdash08:mainfrom
alexchenai:feature/login-anomaly-detection-124

Conversation

@alexchenai
Copy link
Copy Markdown

@alexchenai alexchenai commented Apr 3, 2026

Summary

Implements login anomaly detection system with real-time threat analysis and alert management.

Features

  • Brute force detection: 5+ failed logins in 1 hour triggers high-severity alert
  • New IP detection: first-time IP flagged as medium severity
  • Impossible travel: two different countries within 60 min triggers critical alert
  • Unusual time detection: logins between 1-5 AM flagged as low severity
  • Device/platform change detection
  • Trusted IP allowlist to reduce false positives
  • Full alert lifecycle: create, list active, dismiss

API Endpoints

  • GET /api/security/login-events — list recent login events
  • POST /api/security/login-events — record event, get anomaly analysis
  • GET /api/security/alerts — get active security alerts
  • POST /api/security/alerts/{id}/dismiss — dismiss an alert
  • GET /api/security/trusted-ips — list trusted IPs
  • POST /api/security/trusted-ips — add trusted IP

Tests

7 tests covering brute force, new IP, impossible travel, unusual time, trusted IP bypass, and alert dismiss.

Closes #124

feat: login anomaly detection & suspicious activity alerts (rohitdash…
3fe4983 
…08#124)

- Detects brute force attacks (5+ failed logins/hour -> high severity)
- Flags new IP addresses (medium severity)
- Flags impossible travel (two countries within 60min -> critical)
- Detects unusual login times (1-5 AM -> low severity)
- Device/platform change detection (low severity)
- Trusted IP allowlist to reduce false positives
- Alert lifecycle: create, list active, dismiss
- 7 comprehensive tests covering all anomaly types

Closes rohitdash08#124
@alexchenai alexchenai mentioned this pull request Apr 3, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Login anomaly detection & suspicious activity alerts

1 participant

@alexchenai