Open source | Live demo | Documentation | Contact | Blog
Open-source SIEM for web application Platform Use cases How it works Pricing About
Arrow Download
The Lac d'Émosson, Valais, Switzerland.


01.
Data
ingestion


02.
Data
enrichment


03.
Risk-based
analysis


04.
Review & 
autoblocking

tirreno receives real-time user event data from your applications through API calls.

 

User context and proprietary API enrich data, transforming it into actionable intelligence.

 

The rule engine processes data to identify positive signals, red flags, and regularities to revaluate the risk score.

 

Flagged accounts go to manual validation. Accounts with the lowest trust scores may be automatically blacklisted to prevent further access to your app.

‐ User ID
‐ Event type
‐ Time stamp
‐ User agent
‐ IP address
‐ Requested URI
‐ Email address*
‐ Phone number*
 
‐ User activity metrics
‐ Behavioral data
‐ Device model
‐ IP blacklist matching
‐ Email intelligence*
‐ Disposable email*
‐ Domain intelligence*
‐ Phone data enrichment*
‐ IP geolocation*
‐ VPN/Datacenter detection*
‐ ASN information*
 
ⓘ Brute-force attack
ⓘ Account takeover
ⓘ New account fraud
ⓘ Merchant fraud
ⓘ Fake listings
ⓘ Compromised accounts
ⓘ Inventory hoarding
ⓘ Payment fraud
ⓘ Account sharing
ⓘ Insider threats
ⓘ Dormant accounts
ⓘ Content abuse
↳ Manual review queue
↳ Blacklist
* — optional

Open-source fraud prevention platform

Open-source security analytics
reimagened for digital services.

Use cases

How it works

Pricing

About

Download

Live demo

Github

Dockerhub

Documentation

Blog

General team@tirreno.com
Support ping@tirreno.com
Security atdt@tirreno.com

Terms & conditions
Privacy policy
Imprint | Contact

Rte des Flumeaux 48
unlimitrust campus
CH-1008 Prilly
Switzerland Switzerland

©2025, tirreno