Anomaly detection & alerts
Automatically flag suspicious patterns and get alerted.
Premium. Anomaly detection watches the log for suspicious patterns and flags them under Activity Log → Anomalies, optionally emailing you.
What it detects
- Failed-login bursts — many failed logins from one IP within a window you set.
- Privilege escalation — a user’s role changed to Administrator.
- New administrator — a new admin account was created.
- Mass deletion — many items deleted by one user in a short window.
- Off-hours activity — admin changes during your configured quiet hours.
Each rule is debounced so an ongoing burst doesn’t spawn duplicate anomalies. Thresholds, windows and quiet hours are configurable under Settings → Anomalies, and you can enable an email alert when a new anomaly is detected.