PHPackages tirreno/tirreno - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Logging & Monitoring](/categories/logging) 4. / 5. tirreno/tirreno ActiveProject[Logging & Monitoring](/categories/logging) tirreno/tirreno =============== Open-source security framework v0.9.12(3mo ago)1.2k30127[3 issues](https://github.com/tirrenotechnologies/tirreno/issues)AGPL-3.0+PHPPHP >=8.0CI passing Since Dec 9Pushed 2mo ago20 watchersCompare [ Source](https://github.com/tirrenotechnologies/tirreno)[ Packagist](https://packagist.org/packages/tirreno/tirreno)[ Docs](https://www.tirreno.com)[ RSS](/packages/tirreno-tirreno/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (7)Versions (14)Used By (0) tirreno ======= [](#tirreno) [![Codacy Badge](https://camo.githubusercontent.com/e416715ca7bae8cc9a6b840a8ad2e4db7708745d3c99d6a189483beeeb9191b3/68747470733a2f2f6170702e636f646163792e636f6d2f70726f6a6563742f62616467652f47726164652f6563333063323866363764653437366638623938643237393830373962646630)](https://app.codacy.com/gh/TirrenoTechnologies/tirreno/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade)[![Docker Pulls](https://camo.githubusercontent.com/1dc351fccd5d2575b85c158259d678921bff52acd69f3d56bb11b642768e9865/68747470733a2f2f696d672e736869656c64732e696f2f646f636b65722f70756c6c732f74697272656e6f2f74697272656e6f3f7374796c653d666c6174)](https://hub.docker.com/r/tirreno/tirreno/) [ ![tirreno screenshot](https://camo.githubusercontent.com/1dd1b6880a9f4fd6a64f23370928fe9df0efc88e2afcfe183e464fdf5a687d98/68747470733a2f2f7777772e74697272656e6f2e636f6d2f666972737473637265656e2e6a7067) ](https://www.tirreno.com/) [tirreno](https://www.tirreno.com) is an open-source security framework. tirreno *\[tir.ˈrɛ.no\]* helps understand, monitor, and protect your product from threats, fraud, and abuse. While classic cybersecurity focuses on infrastructure and network perimeter, most breaches occur through compromised accounts and application logic abuse that bypasses firewalls, SIEM, WAFs, and other defenses. tirreno detects threats where they actually happen: inside your product. tirreno is a few-dependency, "low-tech" PHP/PostgreSQL application. After a straightforward five-minute installation, you can ingest events through API calls and immediately access a real-time threat dashboard. Core components --------------- [](#core-components) - **SDKs & API** Integrate tirreno into any product with SDKs. Send events with full context in a few lines of code. - **Built-in dashboard** Monitor and understand your product's security events from a single interface. Ready for use in minutes. - **Single user view** Analyze behaviour patterns, risk scores, connected identities, and activity timelines for a specific user. - **Rule engine** Calculate risk scores automatically with preset rules or create your own customized for your product. - **Review queue** Automatically suspend accounts with risky events or flag them for manual review through threshold settings. - **Field audit trail** Track modifications to important fields, including what changed and when to streamline audit and compliance. Preset rules ------------ [](#preset-rules) `Account takeover` `Credential stuffing` `Content spam` `Account registration` `Fraud prevention` `Insider threat``Bot detection` `Dormant account` `Multi-accounting` `Promo abuse` `API protection` `High-risk regions` Built for --------- [](#built-for) - **Self-hosted, internal and legacy apps**: Embed security layer to extend your security through audit trails, protect user accounts from takeover, detect cyber threats and monitor insider threats. - **SaaS and digital platforms**: Prevent cross-tenant data leakage, online fraud, privilege escalation, data exfiltration and business logic abuse. - **Mission critical applications**: Sensitive application protection, even in air-gapped deployments. - **Industrial control systems (ICS) and command & control (C2)**: Protect, operational technology, command systems, and critical infrastructure platforms from unauthorized access and malicious commands. - **Non-human identities (NHIs)**: Monitor service accounts, API keys, bot behaviors, and detect compromised machine identities. - **API-first applications**: Protect against abuse, rate limiting bypasses, scraping, and unauthorized access. Live demo --------- [](#live-demo) Check out the live demo at [play.tirreno.com](https://play.tirreno.com) (*admin/tirreno*). Requirements ------------ [](#requirements) - **PHP**: Version 8.0 to 8.3 - **PostgreSQL**: Version 12 or greater - **PHP extensions**: `PDO_PGSQL`, `cURL` - **HTTP web server**: `Apache` with `mod_rewrite` and `mod_headers` enabled - **Operating system**: A Unix-like system is recommended - **Minimum hardware requirements**: - **PostgreSQL**: 512 MB RAM (4 GB recommended) - **Application**: 128 MB RAM (1 GB recommended) - **Storage**: Approximately 3 GB PostgreSQL storage per 1 million events Docker-based installation ------------------------- [](#docker-based-installation) To run tirreno within a Docker container you may use command below: ``` curl -sL tirreno.com/t.yml | docker compose -f - up -d ``` Continue with step 4 of [Quickstart](#quickstart-install). Quickstart install ------------------ [](#quickstart-install) 1. [Download](https://www.tirreno.com/download.php) the latest version of tirreno (ZIP file). 2. Extract the tirreno-master.zip file to the location where you want it installed on your web server. 3. Navigate to `http://localhost:8585/install/index.php` in a browser to launch the installation process. 4. After the successful installation, delete the `install/` directory and its contents. 5. Navigate to `http://localhost:8585/signup/` in a browser to create an administrator account. 6. For cron job setup, insert the following schedule (every 10 minutes) expression with the `crontab -e` command or by editing the `/var/spool/cron/your-web-server` file: ``` */10 * * * * /usr/bin/php /absolute/path/to/tirreno/index.php /cron ``` Using Heroku (optional) ----------------------- [](#using-heroku-optional) Click [here](https://heroku.com/deploy?template=https://github.com/tirrenotechnologies/tirreno) to launch heroku deployment. Via Composer and Packagist (optional) ------------------------------------- [](#via-composer-and-packagist-optional) tirreno is published at Packagist and could be installed with Composer: ``` composer create-project tirreno/tirreno ``` or could be pulled into an existing project: ``` composer require tirreno/tirreno ``` SDKs ---- [](#sdks) - [PHP](https://github.com/tirrenotechnologies/tirreno-php-tracker) - [Python](https://github.com/tirrenotechnologies/tirreno-python-tracker) - [NodeJS](https://github.com/tirrenotechnologies/tirreno-nodejs-tracker) Documentation ------------- [](#documentation) See the [User guide](https://docs.tirreno.com/) for details on how to use tirreno, [Developers documentation](https://github.com/tirrenotechnologies/DEVELOPMENT.md) to customize your integration, [Admin documentation](https://github.com/tirrenotechnologies/ADMIN.md) for installation, maintenance and updates. About ----- [](#about) tirreno is an open-source security framework that embeds protection against threats, fraud, and abuse right into your product. The project started as a proprietary system in 2021 and was open-sourced (AGPL) in December 2024. Behind tirreno is a blend of extraordinary engineers and professionals, with over a decade of experience in cyberdefence. We solve real people's challenges through love in *ascétique* code and open technologies. tirreno is not VC-motivated. Our inspiration comes from the daily threats posed by organized cybercriminals, driving us to reimagine the place of security in modern applications. Why the name tirreno? --------------------- [](#why-the-name-tirreno) Tyrrhenian people may have lived in Tuscany and eastern Switzerland as far back as 800 BC. The term "Tyrrhenian" became more commonly associated with the Etruscans, and it is from them that the Tyrrhenian Sea derives its name, which is still in use today. According to historical sources, Tyrrhenian people were the first to use trumpets for signaling about coming threats, which was later adopted by Greek and Roman military forces. While working on the logo, we conducted our own historical study and traced mentions of 'tirreno' back to the 15th-century printed edition of the Vulgate (the Latin Bible). We kept it lowercase to stay true to the original — quite literally, by the book. The tirreno wordmark stands behind the horizon line, as a metaphor of the endless evolutionary cycle of the threat landscape and our commitment to rise over it. Links ----- [](#links) - [Website](https://www.tirreno.com) - [Live demo](https://play.tirreno.com) - [Admin documentation](https://github.com/tirrenotechnologies/ADMIN.md) - [Developers documentation](https://github.com/tirrenotechnologies/DEVELOPMENT.md) - [User guide](https://docs.tirreno.com) - [Mattermost community](https://chat.tirreno.com) Reporting a security issue -------------------------- [](#reporting-a-security-issue) If you've found a security-related issue with tirreno, please email . Submitting the issue on GitHub exposes the vulnerability to the public, making it easy to exploit. We will publicly disclose the security issue after it has been resolved. After receiving a report, tirreno will take the following steps: - Confirm that the report has been received and is being addressed. - Attempt to reproduce the problem and confirm the vulnerability. - Release new versions of all the affected packages. - Announce the problem prominently in the release notes. - If requested, give credit to the reporter. License ------- [](#license) This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License (AGPL) as published by the Free Software Foundation version 3. The name "tirreno" is a registered trademark of tirreno technologies sàrl, and tirreno technologies sàrl hereby declines to grant a trademark license to "tirreno" pursuant to the GNU Affero General Public License version 3 Section 7(e), without a separate agreement with tirreno technologies sàrl. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see [GNU Affero General Public License v3](https://www.gnu.org/licenses/agpl-3.0.txt). Authors ------- [](#authors) tirreno Copyright (C) 2026 tirreno technologies sàrl, Vaud, Switzerland. (License AGPLv3) 't' ### Health Score 47 — FairBetter than 94% of packages Maintenance83 Actively maintained with recent releases Popularity34 Limited adoption so far Community25 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 74.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~35 days Recently: every ~41 days Total 13 Last Release 90d ago PHP version history (2 changes)v0.9.0PHP >=7.2.5 v0.9.1PHP >=8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/005003b9760cce2804471f8a5bee323445dc307583935faf6218c8835a8e8e8a?d=identicon)[tirreno](/maintainers/tirreno) --- Top Contributors [![arina-tirreno](https://avatars.githubusercontent.com/u/172543607?v=4)](https://github.com/arina-tirreno "arina-tirreno (26 commits)")[![tirrenian](https://avatars.githubusercontent.com/u/13100024?v=4)](https://github.com/tirrenian "tirrenian (5 commits)")[![alexanderpt](https://avatars.githubusercontent.com/u/3393377?v=4)](https://github.com/alexanderpt "alexanderpt (1 commits)")[![ivangretsky](https://avatars.githubusercontent.com/u/6697626?v=4)](https://github.com/ivangretsky "ivangretsky (1 commits)")[![m8522s](https://avatars.githubusercontent.com/u/43844394?v=4)](https://github.com/m8522s "m8522s (1 commits)")[![yugaego](https://avatars.githubusercontent.com/u/296460?v=4)](https://github.com/yugaego "yugaego (1 commits)") --- Tags antispamapplication-monitoringaudit-logsaudit-trailsbot-detectionbot-managementcybersecurity-projectscybersecurity-toolsfraudfraud-detectionfraud-preventionintelligenceintranetlog-analysisphp-projectphp-scriptssecurity-analyticssecurity-frameworksiemuser-monitoringmonitoringanalyticsantispamaudit-trailfraud detectionbot-detectiontirrenoapplication-monitoring ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/tirreno-tirreno/health.svg) ``` [![Health](https://phpackages.com/badges/tirreno-tirreno/health.svg)](https://phpackages.com/packages/tirreno-tirreno) ``` ### Alternatives [matomo/matomo Matomo is the leading Free/Libre open analytics platform 21.4k37.3k](/packages/matomo-matomo)[rollbar/rollbar Monitors errors and exceptions and reports them to Rollbar 33723.7M82](/packages/rollbar-rollbar)[datadog/php-datadogstatsd An extremely simple PHP datadogstatsd client 19124.6M15](/packages/datadog-php-datadogstatsd)[muhammadsadeeq/laravel-activitylog-ui A beautiful, modern UI for Spatie's Activity Log with advanced filtering, analytics, and real-time features. 17510.1k](/packages/muhammadsadeeq-laravel-activitylog-ui) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)