marco/ids.alfacom.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7b85fcc020
ids.alfacom.it/attached_assets/Pasted-curl-http-localhost-8000-stats-2-1-logs-total-139583988-last-hour-7497648-detections--1763450777277_1763450777277.txt
marco370 94724ff580 Add ability to detect and block malicious network traffic based on risk 
Adds functionality to detect network anomalies and block suspicious IP addresses.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: e23fa694-b094-4b45-9ce0-0dbf8fd7a9e2
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/1P26v7M
2025-11-18 07:31:39 +00:00

32 lines
8.7 KiB
Plaintext
Raw Blame History

curl http://localhost:8000/stats 2>&1
{"logs":{"total":139583988,"last_hour":7497648},"detections":{"total":0,"blocked":0},"routers":{"active":1},"latest_training":null}[root@ids deployment]# psql -h 127.0.0.1 -U ids_user -d ids_databapsql -h 127.0.0.1 -U ids_user -d ids_database -c "
SELECT source_ip, risk_score, anomaly_type, log_count
FROM detections
WHERE risk_score >= 75
ORDER BY risk_score DESC
LIMIT 20;
> "
source_ip | risk_score | anomaly_type | log_count
-----------+------------+--------------+-----------
(0 rows)
[root@ids deployment]# psql -h 127.0.0.1 -U ids_user -d ids_database -c "
SELECT source_ip, risk_score, anomaly_type, log_count
FROM detections
WHERE risk_score >= 75
ORDER BY risk_score DESC
LIMIT 20;
"
source_ip | risk_score | anomaly_type | log_count
-----------+------------+--------------+-----------
(0 rows)
[root@ids deployment]# curl -X POST http://localhost:8000/detect \
-H "Content-Type: application/json" \
-d '{
"max_records": 50000,
"auto_block": false,
"risk_threshold": 75
}'
{"detections":[{"source_ip":"185.203.26.201","risk_score":100.0,"confidence":100.0,"anomaly_type":"ddos","reason":"Alta frequenza connessioni (178 conn/s); Burst anomali (max 1772 conn/10s)","log_count":4093,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.25.233","risk_score":98.65536174510552,"confidence":98.65536174510552,"anomaly_type":"brute_force","reason":"Burst anomali (max 698 conn/10s)","log_count":1511,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.27.27","risk_score":98.65536174510552,"confidence":98.65536174510552,"anomaly_type":"ddos","reason":"Alta frequenza connessioni (117 conn/s); Burst anomali (max 1150 conn/10s)","log_count":2226,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:24"},{"source_ip":"111.47.247.214","risk_score":98.0983099028909,"confidence":98.0983099028909,"anomaly_type":"brute_force","reason":"Burst anomali (max 876 conn/10s)","log_count":1947,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"10.0.254.129","risk_score":97.43233042808087,"confidence":97.43233042808087,"anomaly_type":"brute_force","reason":"Burst anomali (max 706
conn/10s)","log_count":1169,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:26"},{"source_ip":"185.203.25.227","risk_score":96.54855291071661,"confidence":96.54855291071661,"anomaly_type":"brute_force","reason":"Burst anomali (max 592 conn/10s)","log_count":1334,"first_seen":"2025-11-18T08:25:06","last_seen":"2025-11-18T08:25:27"},{"source_ip":"185.203.27.25","risk_score":96.54855291071661,"confidence":96.54855291071661,"anomaly_type":"brute_force","reason":"Burst anomali (max 564 conn/10s)","log_count":1100,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.24.22","risk_score":96.43841668975382,"confidence":96.43841668975382,"anomaly_type":"brute_force","reason":"Burst anomali (max 724 conn/10s)","log_count":1343,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"10.0.254.228","risk_score":96.21836767181672,"confidence":96.21836767181672,"anomaly_type":"brute_force","reason":"Burst anomali (max 786 conn/10s)","log_count":990,"first_seen":"2025-11-18T08:25:08","last_seen":"2025-11-18T08:25:28"},{"source_ip":"82.62.84.108","risk_score":96.10845477411075,"confidence":96.10845477411075,"anomaly_type":"brute_force","reason":"Burst anomali (max 628 conn/10s)","log_count":1228,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.25.211","risk_score":95.7791619223686,"confidence":95.7791619223686,"anomaly_type":"brute_force","reason":"Burst anomali (max 618 conn/10s)","log_count":1046,"first_seen":"2025-11-18T08:25:06","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.24.23","risk_score":95.45053677786626,"confidence":95.45053677786626,"anomaly_type":"brute_force","reason":"Burst anomali (max 610 conn/10s)","log_count":1080,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.26.34","risk_score":92.63022083908874,"confidence":92.63022083908874,"anomaly_type":"brute_force","reason":"Burst anomali (max 386 conn/10s)","log_count":746,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.26.17","risk_score":92.5227348113402,"confidence":92.5227348113402,"anomaly_type":"brute_force","reason":"Burst anomali (max 312 conn/10s)","log_count":666,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"54.36.50.241","risk_score":92.5227348113402,"confidence":92.5227348113402,"anomaly_type":"brute_force","reason":"Burst anomali (max 428 conn/10s)","log_count":868,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"10.0.249.160","risk_score":91.34517583766116,"confidence":91.34517583766116,"anomaly_type":"brute_force","reason":"Burst anomali (max 356 conn/10s)","log_count":1018,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"37.59.16.20","risk_score":91.23855895971424,"confidence":91.23855895971424,"anomaly_type":"brute_force","reason":"Burst anomali (max 292 conn/10s)","log_count":722,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"79.124.56.186","risk_score":91.23855895971424,"confidence":91.23855895971424,"anomaly_type":"brute_force","reason":"Burst anomali (max 270 conn/10s)","log_count":588,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"37.59.16.12","risk_score":90.2822462129067,"confidence":90.2822462129067,"anomaly_type":"brute_force","reason":"Burst anomali (max 288 conn/10s)","log_count":662,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"10.0.254.124","risk_score":87.7387515203017,"confidence":87.7387515203017,"anomaly_type":"brute_force","reason":"Burst anomali (max 226 conn/10s)","log_count":543,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.25.69","risk_score":85.87429568835947,"confidence":85.87429568835947,"anomaly_type":"brute_force","reason":"Burst anomali (max 252 conn/10s)","log_count":478,"first_seen":"2025-11-18T08:25:07","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.25.254","risk_score":85.56575464485954,"confidence":85.56575464485954,"anomaly_type":"brute_force","reason":"Burst anomali (max 302 conn/10s)","log_count":468,"first_seen":"2025-11-18T08:25:06","last_seen":"2025-11-18T08:25:28"},{"source_ip":"10.1.0.254","risk_score":84.35897131337822,"confidence":84.35897131337822,"anomaly_type":"brute_force","reason":"Burst anomali (max 198 conn/10s)","log_count":478,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"185.203.25.157","risk_score":82.51454532281521,"confidence":82.51454532281521,"anomaly_type":"brute_force","reason":"Burst anomali (max 200 conn/10s)","log_count":406,"first_seen":"2025-11-18T08:25:06","last_seen":"2025-11-18T08:25:28"},{"source_ip":"67.213.119.137","risk_score":79.84141385465612,"confidence":79.84141385465612,"anomaly_type":"brute_force","reason":"Burst anomali (max 152 conn/10s)","log_count":342,"first_seen":"2025-11-18T08:25:06","last_seen":"2025-11-18T08:25:28"},{"source_ip":"213.175.208.76","risk_score":79.34208252729651,"confidence":79.34208252729651,"anomaly_type":"brute_force","reason":"Burst anomali (max 166 conn/10s)","log_count":348,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"160.202.129.17","risk_score":78.9831217467157,"confidence":78.9831217467157,"anomaly_type":"brute_force","reason":"Burst anomali (max 148 conn/10s)","log_count":350,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"72.46.85.161","risk_score":78.75788463149773,"confidence":78.75788463149773,"anomaly_type":"brute_force","reason":"Burst anomali (max 148 conn/10s)","log_count":314,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"},{"source_ip":"10.0.249.26","risk_score":78.65399050354334,"confidence":78.65399050354334,"anomaly_type":"brute_force","reason":"Burst anomali (max 194 conn/10s)","log_count":194,"first_seen":"2025-11-18T08:25:11","last_seen":"2025-11-18T08:25:19"},{"source_ip":"10.0.249.226","risk_score":78.4865365136282,"confidence":78.4865365136282,"anomaly_type":"brute_force","reason":"Comportamento anomalo (brute_force)","log_count":96,"first_seen":"2025-11-18T08:25:13","last_seen":"2025-11-18T08:25:13"},{"source_ip":"64.34.90.127","risk_score":77.41897998656094,"confidence":77.41897998656094,"anomaly_type":"brute_force","reason":"Burst anomali (max 120 conn/10s)","log_count":299,"first_seen":"2025-11-18T08:25:05","last_seen":"2025-11-18T08:25:28"}],"total":31,"blocked":0,"message":"Trovate 31 anomalie"}[root@ids deployment]#
Reference in New Issue View Git Blame Copy Permalink