Anomaly Detection Service
Component Detail
Service Layer
medium complexity
backend
0
Dependencies
1
Dependents
2
Entities
0
Integrations
Description
Evaluates security event streams against configurable per-tenant thresholds to identify patterns such as N failed logins within T minutes or abnormal token refresh rates. Threshold configuration is loaded from the organization config system, making limits adjustable per tenant without code changes.
anomaly-detection-service
Responsibilities
- Evaluate failed login event counts against per-tenant configurable thresholds
- Detect unusual token refresh patterns and flag anomalous refresh chains
- Load and cache anomaly threshold configuration from organization config
- Produce ranked AnomalyResult objects consumed by SecurityMetricsService
Interfaces
evaluateLoginAnomalies(tenantId: string, events: AuditEvent[]): AnomalyResult[]
evaluateTokenAnomalies(tenantId: string, tokens: RefreshTokenRecord[]): AnomalyResult[]
getThresholdConfig(tenantId: string): AnomalyThresholdConfig
updateThresholdConfig(tenantId: string, config: AnomalyThresholdConfig): void
Relationships
Related Data Entities (2)
Data entities managed by this component