Triage noisy traffic faster with network-backed risk scores.
Enrich IPs and sessions with composite risk, proxy and datacenter signals, and LR Shield network context—so analysts stop chasing every alert and automate block or review based on evidence, not guesswork.
Normalized threat score
Typical IP assessment
Intel fusion
Critical alert path
Capabilities
Everything you need
Risk Scoring Engine
Every device and session receives a composite risk score based on fingerprint stability, behavioral signals, network analysis, and historical patterns.
Threat Feed Integration
Aggregate threat data from multiple intelligence sources, botnet command-and-control databases, and real-time abuse reports from our network.
Botnet Detection
Identify devices that are part of known botnets. Detect command-and-control communication patterns and compromised device fingerprints.
Anomaly Alerting
Real-time alerts when unusual patterns are detected — traffic spikes, new attack vectors, geographic anomalies, or sudden behavior changes.
IP Blocklist Management
Maintain and sync IP blocklists across your infrastructure. Auto-update from threat feeds or manually curate lists for your specific use case.
Attack Pattern Recognition
ML models detect emerging attack patterns before they're widely known. Credential stuffing waves, scraping campaigns, and DDoS probes identified in real time.
Threat Timeline
Chronological view of all threat events for any device or IP. Understand the full attack narrative and track threat actors across sessions.
Webhook Notifications
Real-time webhook delivery for critical threats. Integrate with Slack, PagerDuty, Opsgenie, or your custom SIEM for instant response.
Threat Dashboards
Executive-level threat overview with drill-down capabilities. Track threat trends, attack sources, and the effectiveness of your security rules.
How It Works
Three steps to get started
Turn on Intel
Flip Intel on for your tenant—assessments and enrichments apply to traffic you already send through LR Defender APIs.
Score every touchpoint
Each IP or session is evaluated against aggregated feeds, infrastructure signals, and historical abuse from the LR Shield network.
Automate response
Route high scores to blocklists, SOAR playbooks, or analyst queues; keep low-friction paths for clean traffic via your existing rules.
Integration
A few lines of code
Get LR Intel running in your application with our TypeScript SDK. Full type safety, comprehensive documentation, and framework-agnostic design.
import { LightningResearch } from '@lightningresearch/sdk'
const client = new LightningResearch({
apiKey: process.env.LR_API_KEY,
endpoint: 'https://api.lrdefender.lightningresearch.ai',
})
const threat = await client.threat.assess("203.0.113.10")
console.log(threat)
// Sample threat.assess() JSON response:
// {
// "ip": "203.0.113.10",
// "threatScore": 0.12,
// "threatLevel": "low",
// "categories": [],
// "network": {
// "isProxy": false,
// "isVpn": false,
// "isTor": false,
// "isDatacenter": false,
// "asn": 64500,
// "org": "Example ISP LLC"
// },
// "geo": {
// "country": "US",
// "region": "CA",
// "city": "San Francisco"
// },
// "intel": {
// "sources": ["lr_shield", "community_reports"],
// "lastSeenBadActivity": null
// },
// "assessedAt": "2026-04-14T09:18:22.000Z",
// "requestId": "req_01jq8k3m..."
// }
Use Cases
Built for real-world security
Fraud ops & chargeback review
Prioritize manual reviews when Intel lifts risk on shipping addresses, payout rails, or high-value transfers—fewer touches on obviously clean traffic.
SOC & SIEM enrichment
Append IP reputation, proxy flags, and ASN context to existing alerts so L1 triage clears noise before paging on-call.
Edge & WAF policy
Tighten rules for datacenter and anonymizer traffic during attacks while leaving residential ASNs alone—reduce collateral damage.
Incident response timelines
Reconstruct how a bad IP moved across sessions and devices with scored events instead of raw logs alone.
Vendor & partner risk
Score API callers and B2B integrations by infrastructure signals before you grant elevated scopes or higher rate limits.
Get started with LR Intel
Free tier includes 10,000 identifications per month. No credit card required.
Live Demo
Threat Assessment
Enter an IP address to see real-time threat intelligence.