epok

Domain-Specific

Security Event Detection

Updated May 31, 2026

Detects brute-force authentication attempts, anomalous auth failures, privilege escalations, and suspicious access patterns in your auth and audit logs.

Example alert

23 failed SSH auth attempts to bastion-1 from a single IP in 90 seconds

Exact wording varies — the detector generates titles from the anomaly it finds. This is representative of what an alert looks like when it fires.

How it works

A rule pack matches auth log patterns: SSH brute-force, OAuth failures, sudo escalations, API key abuse, and anomalous login sources. It combines count-over-window thresholds with pattern matching, and it has no learning period.
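As an illustration of count-over-window thresholds combined with pattern matching, the following sketch is an added example and not epok's rule pack. The 20-attempt threshold, the 90-second window, the log line format, and the sample addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches OpenSSH "Failed password" lines that carry an ISO 8601 timestamp.
FAILED = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def detect_bruteforce(lines, window=90, threshold=20):
    """Sliding-window count of failed logins per (host, source IP).

    window/threshold are assumed values. Returns one alert per burst; its
    count tracks the peak number of failures seen inside the window.
    """
    recent = defaultdict(deque)   # (host, ip) -> timestamps still in window
    open_alerts, alerts = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # pattern stage: ignore everything else
        ts, key = datetime.fromisoformat(m["ts"]), (m["host"], m["ip"])
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()           # expire events older than the window
        if len(q) < threshold:
            open_alerts.pop(key, None)   # burst ended: re-arm this key
            continue
        alert = open_alerts.get(key)
        if alert is None:         # first crossing: open exactly one alert
            alert = {"host": key[0], "ip": key[1], "count": 0, "window": window}
            open_alerts[key] = alert
            alerts.append(alert)
        alert["count"] = max(alert["count"], len(q))
    return alerts

def title(a):
    return (f"{a['count']} failed SSH auth attempts to {a['host']} "
            f"from a single IP in {a['window']} seconds")

def sample_log():
    """Constructed log: a 23-attempt burst plus unrelated background lines."""
    t0 = datetime(2026, 5, 31, 10, 0, tzinfo=timezone.utc)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    burst = [f"{stamp(4 * i)} bastion-1 sshd[4121]: Failed password for invalid "
             f"user admin from 203.0.113.7 port {40000 + i} ssh2" for i in range(23)]
    noise = [f"{stamp(30 * i)} bastion-1 sshd[4200]: Failed password for alice "
             f"from 198.51.100.20 port 5100{i} ssh2" for i in range(3)]
    ok = [f"{stamp(95)} bastion-1 sshd[4300]: Accepted publickey for alice "
          f"from 198.51.100.20 port 51010 ssh2"]
    return sorted(burst + noise + ok)   # ISO timestamps sort chronologically

if __name__ == "__main__":
    for a in detect_bruteforce(sample_log()):
        print(title(a))
```

Keying the window on (host, source IP) keeps one noisy source from masking another, and holding a single open alert per burst avoids emitting a new alert for every failure after the threshold is crossed.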

Availability

Runs on these tiers:

trial, team, growth, enterprise


Related detectors

  • Kubernetes Detection

    70+ rules for OOMKilled, CrashLoopBackOff, ImagePullBackOff, FailedScheduling, evictions, probe failures, and other Kubernetes failure modes.

  • AWS Service Detection

    Patterns for RDS, S3, DynamoDB, ECS, EKS, IAM, KMS, Lambda, and 20+ other AWS services. Catches throttling, capacity events, IAM denials, and service-specific failure modes.

  • Serverless Detection

    Lambda timeouts, cold starts, throttling, init failures, runtime crashes, and concurrency limits across functions.

  • Database Detection

    Connection pool exhaustion, deadlocks, slow queries, replication lag, schema migration errors, and transaction aborts across Postgres, MySQL, and MongoDB.

  • Dependency Detection

    Upstream service failures, circuit breaker trips, retry exhaustion, and cascading failures between services.
