Total Attacks (24h)
—
Unique Attackers (24h)
—
Countries (24h)
—
High Severity (24h)
—
Total Sessions
—
Commands Run (24h)
—
Files Downloaded (24h)
—
ML Anomalies
—
Severity Trend (7 days)
Protocol Mix (24h)
Attack Timeline
Attack Types (24h)
Sensor Network
0 online
System Health
WebSocket
OFFLINE
API Backend
ONLINE
Events Today
—
ML Detector
—
Threat Intelligence Tables
Top Attackers (24h)
| # | IP Address | Country | Protocol | Hits | Sev |
|---|---|---|---|---|---|
Malware Captures (Dionaea)
0 total
| MD5 Hash | Source IP | Proto | VT Score | Seen |
|---|---|---|---|---|
| No malware captured yet — waiting for Dionaea | | | | |
Top Credentials Tried (24h)
Top Targeted Ports (24h)
Hourly Distribution (24h UTC)
Unique Attackers Per Day (14d)
Login Attempts vs Successes (7d)
Cowrie SSH — Deep Dive
SSH · TELNET
Top SSH Commands
| # | Command | Count |
|---|---|---|
| No command data yet | | |
Session Duration
SSH Login Stats (24h)
Total Attempts: —
Successes: —
Success Rate: —
Avg Attempts/Session: —
Sessions w/ Commands: —
Login Success Rate
— sessions
Auth Outcome Mix
Brute Force Intensity
SSH Activity by Hour
Credential Analysis
30-day window
Password Type Distribution
Password Length Distribution
Top Targeted Usernames
Exploit Events by Hour
Target Port Mix
Top Credential Combinations
| # | Username | Password | Attempts | Password Type |
|---|---|---|---|---|
| Loading credentials… | | | | |
Dionaea — Malware & Service Captures
HTTP · SMB · FTP · MySQL · MSSQL · SIP
Total Captures
—
Unique Files
—
VT Detected
—
—% hit rate
Unique Source IPs
—
Malware Captures — Last 14 Days
VT Detection Severity
Service Captures (24h) 0 total
Malware Families (VT)
File Types
Remote Events by Hour
Remote Severity Mix
Recent Malware Samples
| SHA256 | Type | Size | Protocol | Source IP | VT | Family | First Seen |
|---|---|---|---|---|---|---|---|
| Waiting for Dionaea captures… | | | | | | | |
Top Sources (24h)
| # | IP | Proto | Hits |
|---|---|---|---|
| Waiting for Dionaea | | | |
Remote Sensor — Friend Honeypot
remote
Events 24h
—
Unique IPs
—
High Severity
—
Last Seen
—
Event Types (24h)
Targeted Ports (24h)
Top Remote Sources
| IP | Country | Proto | Hits | Sev |
|---|---|---|---|---|
| Waiting for remote sensor events | | | | |
Credential Attempts
| User | Password | Attempts |
|---|---|---|
| No remote credentials yet | | |
ML Anomaly Detection
0%
Top Flagged Sessions
| Session ID | Source IP | Attack Type | Login Attempts | Commands | Anomaly Score |
|---|---|---|---|---|---|
| Running ML analysis… | | | | | |
Anomaly vs Normal
—
Geographic Intelligence
Top Attacking Countries (24h)
| # | Country | Unique IPs | Events | High Sev | Top Protocol |
|---|---|---|---|---|---|
| No geo data yet | | | | | |
Events by Country
Network Intelligence
Top Attacking ISPs / Organisations (7 days)
Persistent Threats — Multi-Day Attackers
| IP | Country | Days | Events | Severity |
|---|---|---|---|---|
| Loading… | | | | |
ISP Detail Table
| # | ISP / Organisation | Country | Unique IPs | Events |
|---|---|---|---|---|
| Awaiting geo enrichment… | | | | |
Persistent attackers are IPs observed attacking across 2+ different calendar days — indicating systematic, automated threat actors rather than one-off scanners.
ISP data comes from GeoIP enrichment and identifies which hosting providers are most commonly used to launch attacks.
Use this data to identify patterns in attacker infrastructure and correlate with threat intelligence feeds.
Country × Hour Attack Heatmap
Loading…
Live Attack Feed
0 events
| Time | Source IP | Country | Protocol | Attack Type | Port | Severity | Sensor | |
|---|---|---|---|---|---|---|---|---|
| Connecting to live feed… | | | | | | | | |