See threats before they hit you— powered by a federated network.
LR Intel combines per-tenant risk scoring with federated threat intelligence: anonymized attack patterns shared across the LR Defender network. Opt in to contribute and consume cross-tenant signals—device blocklists, IP reputation, and bot signatures—without exposing raw identifiers or customer data.
Anonymized identifiers
Tenant-controlled sharing
Consensus threshold
Federated lookup
Capabilities
Everything you need
Federated Threat Intelligence
Anonymized attack patterns—credential stuffing waves, bot farms, scraping campaigns—shared across opt-in tenants. SHA-256 hashing strips device hashes, IPs, and tenant IDs before data enters the network.
Privacy-Preserving by Design
No PII, no raw fingerprints, no cross-tenant data leakage. Contributors hash identifiers locally; the network stores only aggregated threat types, severity, and anonymized source counts.
Consensus-Based Blocking
Devices are auto-blocked only after corroboration: minimum report count from multiple independent tenants. Reduces false positives from single-tenant noise.
Risk Scoring Engine
Every device and session receives a composite risk score based on fingerprint stability, behavioral signals, network analysis, federated context, and historical patterns.
Threat Feed Integration
Aggregate threat data from LR Shield network intelligence, community abuse reports, and federated tenant contributions into a unified assessment.
Bot Signature Sharing
Cross-tenant bot signature sightings confirm automation frameworks seen by multiple defenders. Signatures are hashed and deduplicated before network distribution.
Anomaly Alerting
Real-time alerts when unusual patterns are detected — traffic spikes, new attack vectors, geographic anomalies, or sudden behavior changes.
Attack Pattern Recognition
ML models detect emerging attack patterns before they're widely known. Credential stuffing waves, scraping campaigns, and DDoS probes identified in real time.
Webhook Notifications
Real-time webhook delivery for critical threats. Integrate with Slack, PagerDuty, Opsgenie, or your custom SIEM for instant response.
How It Works
Three steps to get started
Opt in to the network
Enable federated threat sharing in tenant settings. Contribution and consumption are both opt-in—you control what leaves your boundary.
Report & receive signals
High-risk events are anonymized and reported to the federated pool. Incoming signals enrich device checks, IP reputation, and bot detection on every request.
Automate response
Route federated blocks and elevated risk scores to blocklists, SOAR playbooks, or analyst queues. Clean traffic proceeds without friction.
Integration
A few lines of code
Get LR Intel running in your application with our TypeScript SDK. Full type safety, comprehensive documentation, and framework-agnostic design.
import { LightningResearch } from '@lightningresearch/sdk'
const client = new LightningResearch({
apiKey: process.env.LR_API_KEY,
endpoint: 'https://api.lrdefender.lightningresearch.ai',
})
const result = await client.identify()
// Federated threat signals appear in smartSignals:
console.log(result.smartSignals?.federatedThreat)
// {
// "known": true,
// "blocked": false,
// "riskScore": 0.42,
// "crossTenantReports": 4
// }
console.log(result.smartSignals?.federatedIpReputation)
// {
// "known": true,
// "reputation": "suspicious",
// "score": 0.35
// }
Use Cases
Built for real-world security
Cross-tenant bot farm detection
A bot farm blocked by one merchant is instantly known to the entire federated network—before the same devices attack your checkout flow.
Fraud ops & chargeback review
Prioritize manual reviews when Intel lifts risk on shipping addresses, payout rails, or high-value transfers—fewer touches on obviously clean traffic.
SOC & SIEM enrichment
Append federated device risk, IP reputation, and cross-tenant report counts to existing alerts so L1 triage clears noise before paging on-call.
Edge & WAF policy
Tighten rules for devices with federated block consensus while leaving first-seen clean traffic alone—reduce collateral damage.
Privacy-compliant threat sharing
Contribute to collective defense without sharing customer data, raw IPs, or identifiable device fingerprints across tenant boundaries.
Get started with LR Intel
Free tier includes 10,000 identifications per month. No credit card required.
Privacy-Preserving Network
How federated threat intelligence works
Attack patterns are shared across the LR Defender network without exposing tenant identities, raw device hashes, or IP addresses. Every contribution is opt-in, rate-limited, and anonymized before it enters the shared pool.
Opt-in reporters
Tenant A
Bot farm detected
Tenant B
Credential stuffing
Tenant C
Scraping campaign
Raw identifiers never leave your boundary. Only anonymized threat patterns enter the network.
- Cross-tenant device blocklist
- IP reputation scores
- Bot signature sightings
Block threshold: ≥3 reports from ≥2 tenants
All network members receive
Opt-in only
Tenants choose whether to contribute and consume federated signals.
Zero raw data
Device hashes, IPs, and tenant IDs are SHA-256 anonymized before sharing.
Consensus blocking
Automatic blocks require corroboration from multiple independent tenants.
Live Demo
Threat Assessment
Enter an IP address to see real-time threat intelligence.