detecting-anomalous-authentication-patterns

Installation
SKILL.md

Detecting Anomalous Authentication Patterns

When to Use

  • Security operations needs to identify compromised accounts from authentication log analysis
  • Implementing impossible travel detection to flag geographically inconsistent logins
  • Detecting brute force, password spraying, and credential stuffing attacks in real time
  • Building behavioral baselines for users to identify deviations indicating account compromise
  • Correlating authentication anomalies with threat intelligence for lateral movement detection
  • Investigating alerts from SIEM or IdP for suspicious sign-in activity

Do not use for static rule-based alerting on single failed logins; anomaly detection requires statistical baselines across time and entity dimensions to reduce false positives.

Prerequisites

Installs
76
GitHub Stars
24.7K
First Seen
Mar 16, 2026
detecting-anomalous-authentication-patterns — mukul975/anthropic-cybersecurity-skills