Anomaly Detection
CloudWise Shield includes automatic cost anomaly detection that monitors your AWS spending 24/7 and alerts you when unusual patterns are detected.
How It Works
- Daily Analysis: Every morning at 8 AM UTC, we analyze your past 30 days of AWS costs
- Statistical Detection: We use z-score analysis to identify costs that significantly deviate from your historical baseline
- Smart Alerts: Only meaningful spikes are flagged (minimum $5 change, >2 standard deviations)
- Instant Notifications: Receive alerts via Slack and/or email within minutes of detection
Severity Levels
| Severity | Trigger | Description |
|---|---|---|
| 🔴 CRITICAL | >4 std devs | Extreme cost spike requiring immediate attention |
| 🟠 HIGH | >3 std devs | Significant cost increase, investigate soon |
| 🟡 MEDIUM | >2 std devs | Notable deviation from normal spending |
| 🟢 LOW | >1.5 std devs | Minor variance, worth monitoring |
Setting Up Slack Alerts
CloudWise supports per-category Slack channels — anomaly detection can send to its own dedicated channel, separate from budget alerts, waste reports, and remediation notifications. See the Slack Integration Guide for the full multi-channel setup.
Quick Setup
-
Create a Slack Incoming Webhook:
- Go to Slack API
- Click "Create your Slack app" (or use an existing CloudWise app)
- Enable "Incoming Webhooks"
- Click "Add New Webhook to Workspace"
- Select the channel for anomaly alerts (e.g.
#cost-anomalies) - Copy the webhook URL
-
Configure in CloudWise:
- Go to Settings → Notifications
- Find the Cost Anomaly Detection card
- Toggle "Enable Slack notifications"
- Paste your webhook URL
- Click "Test Connection" to verify
- Save your preferences
Alert Configuration
Threshold Percentage
Set the minimum percentage increase to trigger an alert (default: 20%).
For example, with a 20% threshold:
- If your average EC2 cost is $100/day
- An alert triggers when daily EC2 cost exceeds $120
Minimum Spend
Filter out noise by setting a minimum dollar change (default: $5).
This prevents alerts for services with very low baseline costs where small absolute changes can create large percentage swings.
Viewing Alerts
Dashboard Widget
The Cost Anomalies widget on your dashboard shows recent alerts:
- Click an alert to see details
- Use "Acknowledge" to mark as reviewed
- Acknowledged alerts won't show as pending
Alert Details
Each alert includes:
- Service & Region: Which AWS service and where
- Baseline Cost: Your 7-day average
- Current Cost: Today's actual cost
- Change Amount: Dollar increase
- Percentage Change: How much higher than normal
- Severity: Urgency level
Best Practices
- Start with Default Thresholds: The 20% threshold works well for most accounts
- Connect Slack First: Real-time alerts help you respond faster
- Review Weekly: Check the alerts dashboard even for acknowledged items
- Tune Over Time: If you get too many alerts, increase the threshold
- Act on CRITICAL: These warrant immediate investigation
What Triggers False Positives?
Sometimes anomalies aren't problems:
- Monthly billing cycles: Some services bill at month end
- Scheduled jobs: Batch processing that runs periodically
- New resources: Just-launched services will spike initially
If you see a recurring pattern, it's not a true anomaly. Consider adjusting thresholds or acknowledging expected spikes.
Frequently Asked Questions
Q: Why didn't I get an alert?
- The change may be below your threshold
- You need at least 7 days of cost history for analysis
- Check that Slack webhook URL is valid
Q: Can I get alerts in Microsoft Teams?
- Not yet, but it's on our roadmap. Slack and email are currently supported.
Q: How quickly are alerts sent?
- Detection runs daily at 8 AM UTC
- Slack/email notifications are sent within minutes of detection
Q: Is anomaly detection available on Free tier?
- No, anomaly detection is a Shield tier feature (from $19/mo or $149/year)