RIVET SECURITY Documentation

Everything you need to install, configure and operate RIVET SECURITY.

Getting Started

Installation

Install RIVET SECURITY with a single command — it pulls the Docker image and starts the agent.

curl -fsSL https://get.rivet-security.com | sh

Requirements: a Linux host with Docker 24.0+ and Docker Compose.

docker --version # 24.0+ required
docker compose version
First setup

Configure your log paths and alert channels in the environment file, then start the containers.

nano /opt/rivet/.env
docker compose up -d
Verify it works

Call the health endpoint — you should get an OK response with the running version.

curl localhost:8080/api/v1/health # {"status":"ok","version":"1.0.0"}

Dashboard

The dashboard is your real-time operations console. Every section updates live.

Status — uptime, CPU, memory, disk, connections and today’s blocks at a glance.
Alerts — security events triaged by severity, with source IP and action taken.
Blocked IPs — manage the nftables drop set; extend, unblock or add IPs manually.
SSH Logs — the live log stream across SSH, Nginx and Apache with filters.
Settings — server info, licence, features and alert channels.

Alert channels

RIVET SECURITY can notify you on Telegram, Slack, Discord and email. Set the relevant variables in .env.

Telegram
RIVET_TELEGRAM_TOKEN=123456:ABC-DEF
RIVET_TELEGRAM_CHAT=8842019
Slack / Discord
RIVET_SLACK_WEBHOOK=https://hooks.slack.com/services/...
RIVET_DISCORD_WEBHOOK=https://discord.com/api/webhooks/...
Email
RIVET_SMTP_HOST=smtp.example.com
RIVET_ALERT_EMAIL=lukas@rivet-security.com

PRO features

These features are included in the PRO tier (€99).

WAF — OWASP core ruleset blocks SQLi, XSS, RCE, SSRF and path traversal.
Security Score — CIS-benchmark hardening audit with copy-paste fixes.
Threat Intel — curated reputation and botnet feeds, auto-refreshed.
Attack Origins — live global heatmap ranked by attack volume.

Log stream labels

On the Logs page, filter chips are split into two groups — log source and severity level.

Sources
SSH — authentication and shell access (port 22).
NGINX — Nginx access and error logs.
APACHE — Apache HTTP server logs.
SYS — system and Rivet engine events.
Levels
INFO — normal operational messages.
OK — successful checks and clean events.
WARN — suspicious activity worth watching.
BLOCK — Rivet blocked an IP or dropped traffic.

API reference

Every action is available over a token-authenticated REST API. Pass your key as a Bearer token.

curl -H "Authorization: Bearer $RIVET_API_KEY" \
  https://node-7a:8080/api/v1/status
Endpoints
GET /api/v1/status
GET /api/v1/blocks
POST /api/v1/blocks { "ip": "1.2.3.4", "ttl": 86400 }
DELETE /api/v1/blocks/:ip
POST /api/v1/score/scan
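
An added example (not RIVET SECURITY's own code) that validates an address and TTL before they are placed in the POST /api/v1/blocks body or the DELETE /api/v1/blocks/:ip path, so input from a script or ticket cannot alter the JSON or the URL. The function names, the RIVET_URL variable, the IPv4-only scope, the 9-digit TTL limit and the Content-Type header are assumptions.

```shell
#!/bin/sh
# Added example, not RIVET SECURITY's own code. IPv4 only.
# Assumption: base URL taken from the curl example on this page.
RIVET_URL="${RIVET_URL:-https://node-7a:8080}"

# Succeeds only for a dotted quad, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        case "$octet" in 0?*) return 1 ;; esac   # avoid octal ambiguity
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$count" -eq 4 ]
}

# Succeeds only for a positive integer of at most 9 digits (assumed limit).
is_ttl() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 9 ]
}

# Prints the JSON body for POST /api/v1/blocks, or fails with no output.
block_body() {
    is_ipv4 "$1" && is_ttl "$2" || return 1
    printf '{"ip":"%s","ttl":%s}\n' "$1" "$2"
}

# Prints the URL for DELETE /api/v1/blocks/:ip, or fails with no output.
unblock_url() {
    is_ipv4 "$1" || return 1
    printf '%s/api/v1/blocks/%s\n' "$RIVET_URL" "$1"
}

# Sends the block request. Needs RIVET_API_KEY and a reachable agent.
# Assumption: the API accepts a JSON Content-Type header.
block_ip() {
    body=$(block_body "$1" "$2") || { echo "rejected: $1 $2" >&2; return 1; }
    curl -fsS -X POST -H "Authorization: Bearer $RIVET_API_KEY" \
        -H 'Content-Type: application/json' -d "$body" \
        "$RIVET_URL/api/v1/blocks"
}
```

Source the file and call block_ip 1.2.3.4 86400; rejected input never reaches curl.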

Troubleshooting

Start by tailing the container logs.

docker compose logs -f rivet
Container won’t start — check Docker is running and port 8080 is free.
No logs appearing — verify SSH_LOG_PATH and NGINX_LOG_PATH point to real files.
Alerts not arriving — re-check webhook URLs and run rivet test-alert.

Still stuck? Email lukas@rivet-security.com with your container logs.