Credential Anomaly Detection System

A real-time monitoring and alerting system that analyzes user login behavior and identifies anomalous patterns indicative of credential compromise, based on the APT28 and ForumTroll phishing schemes. Utilizes machine learning to establish baseline behavior and flag suspicious activity, tailoring alerting thresholds to reduce false positives.

technology stack