Every bot leaves
chaff behind.
An agent that reads your site, writes detection tailored to your routes, and hunts continuously.
Paste your URL
Firecrawl scans your site — detects your stack, login pages, API surface, and admin paths. Recon, not guesswork.
Connect Elasticsearch
We sample one log document and auto-map the schema. No field-picking, no manual config. ECS or custom — it just works.
Get a custom detector pack
The agent writes 4–6 ES rules tailored to YOUR routes — credential stuffing on your real login, scraping on your real APIs. Live in 30 seconds.
An analyst that actually does the work.
Most bot detection stops at a dashboard. Chaff goes further: the agent reasons over your real logs, runs aggregations, samples suspicious sessions, and writes a verdict with citations.
- Live human-vs-bot timeline from your index
- User-agent fingerprinting (scrapers, headless browsers, libraries)
- Per-IP investigation with evidence trails
- Persistent threat log you can triage
/api/products at 6.9 req/s with no session cookie.Built to deploy, not just to demo.
Continuous monitoring
An hourly worker re-runs your detector pack against the last 24h, refreshes offender intel, and opens new findings — no dashboard-watching required.
Zero false-positive bots
Forward-confirmed reverse-DNS allowlists Googlebot, Bingbot, Applebot and friends. AbuseIPDB scores every offender so you never page on a legit crawler.
Deployable mitigations
Export high-confidence offenders as nginx, Cloudflare WAF, or iptables rules. From detection to deny-list in two clicks.
Two inputs. No install. Built for security teams.
Every other tool ships generic bot rules. Chaff reads your site first, then writes detection rules that target your actual attack surface — and keeps them tuned.