- Introduced a new partial template `_ip_detail.html` for displaying comprehensive IP details, including activity, geo & network information, reputation, and access history.
- Updated `ip_insight.html` to include the new `_ip_detail.html` partial, streamlining the code and enhancing maintainability.
- Enhanced CSS styles for improved layout and responsiveness, including adjustments to the radar chart size and the introduction of a two-column grid layout for IP details.
- Refactored JavaScript for loading attack types charts to support multiple instances and improved error handling.
- Updated various tables to include "Actions" column with inspect buttons for IP insights.
- Created a new IP insight template for displaying detailed information about an IP address.
- Implemented JavaScript functions to handle opening the IP insight view and loading data via HTMX.
- Enhanced map markers to include inspect buttons for quick access to IP insights.
- Added styles for the new IP insight page and buttons to maintain UI consistency.
* added documentation, updated repo pointer in the dashboard, added dashboard link highlighting and minor fixes
* added doc
* added logo to dashboard
* Fixed dashboard attack chart
* Enhance fake data generation with varied request counts for better visualization
* Add automatic migrations and support for latitude/longitude in IP stats
* Update Helm chart version to 0.2.2 and add timezone configuration option
---------
Co-authored-by: BlessedRebuS <patrick.difa@gmail.com>
* Enhance geolocation functionality and improve unenriched IP retrieval logic
* Refactor test_insert_fake_ips.py to enhance geolocation data handling and improve IP data structure
* Refactor code for improved readability and consistency in database and geolocation utilities
* feat: enhance IP reputation management with city data and geolocation integration
* feat: enhance dashboard with city coordinates and improved marker handling
* feat: update chart version to 0.2.1 in Chart.yaml, README.md, and values.yaml
* feat: update logo format and size in README.md
* feat: improve location display logic in dashboard for attackers and IPs
* feat: update analyzer thresholds and add crawl configuration options
* feat: update Helm chart version and add README for installation instructions
* feat: update installation instructions in README and add Docker support
* feat: update deployment manifests and configuration for improved service handling and analyzer settings
* feat: add API endpoint for paginated IP retrieval and enhance dashboard visualization with category filters
* feat: update configuration for Krawl service to use external config file
* feat: refactor code for improved readability and consistency across multiple files
* feat: remove Flake8, Pylint, and test steps from PR checks workflow
- Add conditional execution to export-malicious-ips task: only runs
when honeypot was accessed in last 5 minutes
- Add since_minutes parameter to get_access_logs() for time filtering
- Optimize analyze-ips task to only process IPs with activity in the
last minute, fetching full history per-IP instead of all logs
- Exclude RFC1918 private addresses and non-routable IPs from IP
reputation enrichment (10.x, 172.16-31.x, 192.168.x, 127.x, 169.254.x)
- Add missing session.commit() and cleanup to update_ip_rep_infos() **bugfix**
- Enable SQLite WAL mode and 30s busy timeout for better concurrency **race condition prevention**
- Add get_unenriched_ips() method to only fetch IPs needing enrichment **don't enrich what's already done**
- Rewrite fetch_ip_rep task to process only unenriched IPs (limit 50) **API kindness**
- Change task frequency from every 1 minute to every 5 minutes **API kindness**
- Add request timeout (10s) and proper error handling **can update to longer if needed**
- Add SQLAlchemy-based database layer for persistent storage
- Create models for access_logs, credential_attempts, attack_detections, ip_stats
- Include fields for future GeoIP and reputation enrichment
- Implement sanitization utilities to protect against malicious payloads
- Fix XSS vulnerability in dashboard template (HTML escape all user data)
- Add DATABASE_PATH and DATABASE_RETENTION_DAYS config options
- Dual storage: in-memory for dashboard performance + SQLite for persistence
New files:
- src/models.py - SQLAlchemy ORM models
- src/database.py - DatabaseManager singleton
- src/sanitizer.py - Input sanitization and HTML escaping
- requirements.txt - SQLAlchemy dependency
Security protections:
- Parameterized queries via SQLAlchemy ORM
- Field length limits to prevent storage exhaustion
- Null byte and control character stripping
- HTML escaping on dashboard output
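
The storage-side and output-side protections listed in the last commit above, shown as an added example that is not the project's `src/sanitizer.py`. The function names, field names and length limits are assumptions made for illustration, and the sample record is constructed.

```python
import html
import unicodedata

# Hypothetical per-field limits; the project's real limits are not shown on this page.
MAX_LENGTHS = {"path": 2048, "user_agent": 512, "username": 256}
DEFAULT_MAX = 1024


def sanitize_for_storage(value, field):
    """Strip null bytes/control characters and cap length before the value is stored."""
    if value is None:
        return ""
    if isinstance(value, bytes):
        # Attacker-controlled bytes may not be valid UTF-8; never raise on them.
        value = value.decode("utf-8", errors="replace")
    # Unicode category "Cc" covers NUL, ESC, CR, LF, TAB, DEL and the C1 controls.
    cleaned = "".join(ch for ch in str(value) if unicodedata.category(ch) != "Cc")
    # Truncate after cleaning so the limit applies to what is actually written.
    return cleaned[: MAX_LENGTHS.get(field, DEFAULT_MAX)]


def escape_for_dashboard(value):
    """HTML-escape at render time so stored attacker input is displayed as text."""
    return html.escape(value, quote=True)


# Constructed sample of a request a honeypot might log (not real captured data).
SAMPLE = {
    "path": "/admin\x00.php?q=<script>alert(1)</script>",
    "user_agent": b"curl/8.0\r\nX-Injected: 1\xff",
    "username": "A" * 5000,
}


def process(record):
    """Return (stored, rendered): sanitized values for the DB, escaped values for HTML."""
    stored = {k: sanitize_for_storage(v, k) for k, v in record.items()}
    rendered = {k: escape_for_dashboard(v) for k, v in stored.items()}
    return stored, rendered


if __name__ == "__main__":
    stored, rendered = process(SAMPLE)
    for field in stored:
        print(field, len(stored[field]), rendered[field][:80])
```

The stored value keeps the markup unescaped so the captured payload stays intact for analysis; escaping is applied only when the value is rendered.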