Dev Ops · n8n

Detect Anomalous Logins in Your Audit Log and Alert Security

Catch account compromise early — monitor your audit log for suspicious logins like new countries or impossible travel and alert security instantly.

difficulty Advancedsetup 40 minresult Suspicious access is flagged the moment it happens, letting security respond before damage spreads.
  1. 1

    Ingest Login Events

    Add a Webhook node receiving each authentication event with user, IP and location.

  2. 2

    Compare to History

    Add a Code node checking for new countries, impossible travel, or many failed attempts against stored history.

  3. 3

    Flag Anomalies

    Add an IF node continuing when a login looks suspicious.

  4. 4

    Alert Security

    Add a Slack node posting the user, location and reason so security can act.

  5. 5

    Activate and Test

    Activate the workflow and simulate a login from a new country. Confirm the alert fires.

Frequently asked questions

What is impossible travel?

Two logins from distant locations too close in time to be physically possible — a strong compromise signal.

Can it auto-lock accounts?

For high-confidence signals you can trigger a forced re-authentication, but review before hard-locking to avoid lockouts.

About this recipe. Recipes on FlowRecipesHub are written for business owners, not developers, and are tested before publishing — how recipes get made. Some ingredient links are affiliate links that cost you nothing — full disclosure.