Detect Anomalous Logins in Your Audit Log and Alert Security
Catch account compromise early — monitor your audit log for suspicious logins like new countries or impossible travel and alert security instantly.
- 1
Ingest Login Events
Add a
Webhooknode receiving each authentication event with user, IP and location. - 2
Compare to History
Add a
Codenode checking for new countries, impossible travel, or many failed attempts against stored history. - 3
Flag Anomalies
Add an
IFnode continuing when a login looks suspicious. - 4
Alert Security
Add a
Slacknode posting the user, location and reason so security can act. - 5
Activate and Test
Activate the workflow and simulate a login from a new country. Confirm the alert fires.
Frequently asked questions
What is impossible travel?
Two logins from distant locations too close in time to be physically possible — a strong compromise signal.
Can it auto-lock accounts?
For high-confidence signals you can trigger a forced re-authentication, but review before hard-locking to avoid lockouts.