The average manual block takes 15–30 minutes. Rapid Reaktor does it in seconds. Self-hosted, configurable, and auditable down to the source alert that triggered every single block.
Turn firewall events into instant enforcement automatically. No scripts. No delays. No analyst bottlenecks.
Palo Alto Firewall
Attack activity is detected in real time
No dashboards, no waiting, no manual triage
Rapid Reaktor Engine
Extracts attacker IPs instantly
Builds and updates block lists automatically
No scripts. No analyst bottlenecks.
Your Firewall
Firewall enforces blocks automatically
Attackers are stopped before they retry or pivot
Always Active
Every new attack strengthens your defense
Your block lists evolve in real time
No agents. No complex integrations. No humans in the loop.
Rapid Reaktor pulls the right IP from raw syslog output, even in NAT and proxy environments where the attacker's real address is buried. No per-rule regex tuning. No manual cleanup. It finds the IP that matters and acts on it.
Rapid Reaktor hosts your EDL directly. It's the authoritative blocklist server your Palo Alto firewall already points at. When an IP gets added, your firewall picks it up on the next poll with zero extra configuration. No API keys to manage. No third-party sync to trust.
Two ports. One Docker Compose command. Runs on the machine you already have. No vendor onboarding, no complex dependencies, no cloud data leaving your network. You're up and blocking within the hour.
Configure exactly what triggers a block: alert type, threshold count, regex pattern, source. Require three hits before an IP gets added. Scope rules to specific firewall sources. Suppress noisy alerts that would create false positives. You control what gets blocked and why.
Every blocked IP expires automatically on the schedule you set. No permanent blocklist bloat. No forgotten entries locking out a legitimate user six months later. Blocks are temporary by default. You decide how long they last.
Every automated block is recorded: the alert that triggered it, the rule that matched, the IP that got added, and the exact timestamp. Nothing is a black box. When someone asks why an IP was blocked, you have a complete answer in seconds. Export to CSV for incident reviews or compliance audits.