Inspiration

Traditional server monitoring tools often fall short when it comes to identifying subtle or evolving threats, especially those caused by unusual user behavior, IP misuse, or a combination of system metrics. We wanted to create something smarter: an AI-driven solution that could detect issues before they escalate.

What svCAT Does

  • Continuously monitors system metrics like CPU, memory, disk, and network usage across distributed servers
  • Analyzes server logs in real-time to detect suspicious patterns or unexpected behaviors
  • Tracks user and IP behavior to identify anomalies such as brute-force attempts, unusual access times, rare endpoints, or anything else that falls outside the usual pattern
  • Uses an ML model to detect both known and unknown anomalies without manual rules
  • Provides real-time alerts and a clean dashboard to help users act quickly
  • Offers AI-powered insights to explain anomalies and assist in root cause analysis

How We Built It

  • Frontend: React + TailwindCSS
  • Backend: Node.js with Socket.IO for real-time communication
  • AI Layer: Python-based anomaly detection models
  • Database: MongoDB for persistent storage
  • Agents: Lightweight Python-based monitoring script installed on users' servers
  • LLM: Hosted our own LLM to analyze the anomalies and identify potential causes

Challenges We Faced

  • Managing and deduplicating thousands of anomalies in real-time
  • Ensuring last-seen timestamps update accurately
  • Balancing sensitivity and specificity in anomaly detection
  • Designing AI insights that are both actionable and explainable to users

Accomplishments That We're Proud Of

  • Successfully built an end-to-end real-time monitoring platform in just a few weeks
  • Developed a custom machine learning tool to detect anomalies across metrics, logs, and user/IP behavior
  • Integrated an LLM for users to get detailed information about the threats
  • Enabled a scalable socket-based architecture to handle high-throughput telemetry data
  • Created a user-friendly dashboard that visualizes complex insights clearly

What We Learned

  • How to stream and analyze real-time server data using WebSockets
  • Applying AI to detect anomalies across metrics, logs, and user/IP patterns
  • Building an efficient and responsive UI for real-time monitoring
  • Structuring modular agents for data collection from remote servers

What’s Next for svCAT – AI Powered Watchdog

  • Implementing root cause analysis using LLMs and graph-based correlation
  • Improving anomaly explanation using natural language prompts
  • Adding alert integrations with Slack, PagerDuty and email
  • Deploying to production environments and onboarding early adopters