Key features of 5G networks include, among others, softwarisation (enabling network functions to be deployed as software components rather than hardware modules) and decentralised deployments (with compute resources pushed to the edge of the network). These features bring unprecedented benefits, yet they also widen the attack surface, making the network more prone to cyberattacks and calling for more sophisticated security controls. In this work we will show how the combined collection and processing of monitoring metrics from the RAN (Radio Access Network) and the edge can be used to detect anomalies and identify attacks both to the 5G edge application as well as the infrastructure. Our approach uses supervised learning and bidirectional LSTMs to yield quite promising results, operating in real time in a full-stack 5G testbed.