Anomaly Detection

Igris includes built-in anomaly detection that monitors tool call patterns and alerts when suspicious activity is detected. Anomalies are written to the audit trail and broadcast via SSE for real-time dashboard updates.

Detection Methods

Rate Spike Detection

Monitors the rate of tool calls per server and alerts when the rate exceeds a configurable threshold above the rolling average. How it works:
  1. Igris maintains a sliding window of tool call counts per server
  2. On each tool call, the current rate is compared to the rolling average
  3. If the current rate exceeds average × threshold_multiplier, a rate spike anomaly is triggered
Configuration: The threshold multiplier is configurable per server. Default is 3x — meaning a spike is detected when the current rate is 3 times the rolling average.

Destructive Pattern Detection

Watches for tool calls that match known destructive patterns, regardless of policy action. Monitored patterns:
  • delete_* — deletion operations
  • drop_* — schema/table drops
  • truncate_* — data truncation
  • destroy_* — resource destruction
  • purge_* — data purging
Even if a policy allows these calls, the anomaly detector flags them for visibility.

Cooldown

After an anomaly alert fires, a cooldown period prevents alert fatigue. During cooldown, the same anomaly type for the same server won’t fire again. Default cooldown is 5 minutes. This prevents a burst of 100 delete_* calls from generating 100 separate anomaly alerts.
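The following Python model ties the three mechanisms above together: a per-server sliding window for rate spikes, prefix matching for the destructive patterns, and a per-(server, anomaly type) cooldown. It is an added example written for this page, not Igris's own code. The page fixes only the 3x multiplier and the 5 minute cooldown; the 60 s window, the five-window look-back, the minimum baseline before a rate check runs (so a server's very first calls are not reported as spikes against an average of zero), the class and function names and the injected clock are all assumptions of this illustration. The `Anomaly` record carries the fields listed under Anomaly Events below.

```python
from __future__ import annotations

import time
from collections import deque
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Callable, Optional

# Prefixes the page lists as destructive; each is matched as "<prefix>_*".
DESTRUCTIVE_PREFIXES = ("delete", "drop", "truncate", "destroy", "purge")


def is_destructive(tool_name: str) -> bool:
    """True if the tool name matches one of the destructive patterns."""
    return any(fnmatchcase(tool_name, f"{p}_*") for p in DESTRUCTIVE_PREFIXES)


@dataclass
class Anomaly:
    """The fields the page says an anomaly audit event carries."""
    anomaly_type: str                     # "rate_spike" or "destructive_pattern"
    server_id: str
    tool_name: str                        # the call that triggered it
    timestamp: float
    current_rate: Optional[float] = None  # calls in the current window (rate spikes)
    threshold: Optional[float] = None     # rolling average x multiplier (rate spikes)


class AnomalyDetector:
    """Per-server rate-spike and destructive-pattern checks with a cooldown.

    window_seconds, history_windows and min_baseline_calls are assumptions of
    this model; the page only fixes the 3x multiplier and the 5 minute cooldown.
    """

    def __init__(self, threshold_multiplier: float = 3.0, cooldown_seconds: float = 300.0,
                 window_seconds: float = 60.0, history_windows: int = 5,
                 min_baseline_calls: int = 10, clock: Callable[[], float] = time.time):
        self.threshold_multiplier = threshold_multiplier
        self.cooldown_seconds = cooldown_seconds
        self.window_seconds = window_seconds
        self.history_windows = history_windows
        self.min_baseline_calls = min_baseline_calls
        self._clock = clock
        self._calls: dict[str, deque[float]] = {}          # server -> call timestamps
        self._last_fired: dict[tuple[str, str], float] = {}  # (server, type) -> timestamp

    def record_call(self, server_id: str, tool_name: str) -> list[Anomaly]:
        """Record one tool call and return any anomalies it triggers."""
        now = self._clock()
        calls = self._calls.setdefault(server_id, deque())
        calls.append(now)
        # Drop timestamps older than the full look-back so memory stays bounded.
        horizon = now - self.window_seconds * self.history_windows
        while calls and calls[0] < horizon:
            calls.popleft()
        found = []
        spike = self._check_rate_spike(server_id, tool_name, calls, now)
        if spike is not None:
            found.append(spike)
        if is_destructive(tool_name):
            hit = self._emit("destructive_pattern", server_id, tool_name, now)
            if hit is not None:
                found.append(hit)
        return found

    def _check_rate_spike(self, server_id, tool_name, calls, now) -> Optional[Anomaly]:
        window_start = now - self.window_seconds
        current = sum(1 for t in calls if t >= window_start)   # calls in the current window
        baseline = len(calls) - current                         # calls in the earlier windows
        if baseline < self.min_baseline_calls:
            return None  # not enough history to form a meaningful rolling average
        average = baseline / (self.history_windows - 1)
        threshold = average * self.threshold_multiplier
        if current > threshold:
            return self._emit("rate_spike", server_id, tool_name, now,
                              current_rate=current, threshold=threshold)
        return None

    def _emit(self, anomaly_type, server_id, tool_name, now, **extra) -> Optional[Anomaly]:
        """Apply the cooldown: one alert per (server, anomaly type) per cooldown period."""
        key = (server_id, anomaly_type)
        last = self._last_fired.get(key)
        if last is not None and now - last < self.cooldown_seconds:
            return None
        self._last_fired[key] = now
        return Anomaly(anomaly_type, server_id, tool_name, now, **extra)


class FakeClock:
    """Deterministic clock so the constructed scenario below is reproducible."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def demo() -> list[Anomaly]:
    """Constructed scenario: steady reads, a burst of deletes, then one more
    delete exactly one cooldown later."""
    clock = FakeClock()
    det = AnomalyDetector(clock=clock)
    found: list[Anomaly] = []
    for minute in range(4):                 # four read_file calls per minute
        for offset in (0, 15, 30, 45):
            clock.t = float(minute * 60 + offset)
            found += det.record_call("srv-1", "read_file")
    clock.t = 240.0
    for _ in range(15):                     # burst: 15 delete_record calls at once
        found += det.record_call("srv-1", "delete_record")
    clock.t = 540.0                         # cooldown expired: destructive alert fires again
    found += det.record_call("srv-1", "delete_record")
    return found


if __name__ == "__main__":
    for anomaly in demo():
        print(anomaly)
```

Running `demo()` yields three anomalies for the 32 calls: one `destructive_pattern` on the first delete in the burst, one `rate_spike` when the burst pushes the current window past 3x the rolling average (the remaining deletes are suppressed by the cooldown), and a second `destructive_pattern` once the 5 minute cooldown has elapsed.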

Anomaly Events

When an anomaly is detected, Igris:
  1. Writes an audit event with type anomaly to the audit_events table, including:
    • Anomaly type (rate_spike or destructive_pattern)
    • Server ID
    • Tool name that triggered it
    • Current rate vs. threshold (for rate spikes)
    • Timestamp
  2. Broadcasts via SSE to all connected dashboard clients for the organization
  3. Displays in the dashboard on the Observe page with risk heat map highlighting

Viewing Anomalies

  • Dashboard → Observe — risk heat map highlights servers with recent anomalies
  • Dashboard → Audit Events — filter by type: anomaly to see all anomaly events

Relationship to Policies

Anomaly detection and policies are independent systems:
  • Policies decide whether a tool call is allowed, denied, or alerted
  • Anomaly detection monitors patterns across all tool calls regardless of policy outcome
A tool call can be allowed by policy but still trigger an anomaly alert. This gives you defense in depth — policies enforce rules, anomaly detection catches unexpected patterns.