Reveal, a Logstash plugin for robot detection and traffic intelligence


(François Hodierne) #1

Hi everyone,

At Access Watch, we released Reveal last week, a new product that brings robot detection and traffic intelligence to your log pipeline. I'm super happy to share with you that Reveal is now available as a Logstash plugin.

The plugin lets you augment your Access Logs with our intelligence. With the added metadata, your Access Logs suddenly become way more useful. For each request, you'll know:

  • which ones are from a robot
  • what is the exact robot behind the request
  • which requests look legit, suspicious or bad
  • which threats are attached to the request (brute force, spam, suspicious scan)

FYI, because we operate as a service, we plan to charge for it, but there will always be a free tier, currently up to 10K API requests per day (only one request per User Agent + IP address is made, the result is usually cached by the libraries).

So, if you already have GeoIP and User Agent parsing activated, the extra information will be a nice addition to your logs. If you're interested, you can check the product page and configuration instructions:

https://access.watch/reveal
https://access.watch/reveal/logstash

And the GitHub repository is here:

Super happy to have your feedback on it!