Logstash and ip reputation

Hello,

I have an ELK for my Apache Logs, everything OK.

I would like to query a reputation IP database to detect tor, vpn, open-proxy .... traffic on my website.

have you got any idea ?

I havec contacted http://www.brightcloud.com/ and https://www.maxmind.com/ without success.

Only 2 things I can think of if it is not already in your data

You can have a file dictionary but I don't think that is what you want.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-translate.html

The other idea, is just write the ruby code to fetch the data you need
https://www.elastic.co/guide/en/logstash/current/plugins-filters-ruby.html

We currently do this using the translate filter pointing to a YAML file structured like

<IP>: "<category>"

The dictionary, around 200k items, is loaded into memory on startup so it's quite performant. Alhough not ideal it works for our tactical solution.