+ {/* Header */}
+
+
⏱️ Heatmap Temporelle d'Attaques
+
+ Distribution horaire de l'activité malveillante par host cible.
+
+
+
+ {/* Stat cards */}
+
+ 0 ? `${peakHour.hour}h (${formatNumber(peakHour.hits)} hits)` : '—'}
+ accent="text-threat-critical"
+ />
+
+
+
+
+ {/* Section 1: Courbe horaire */}
+
+
Activité horaire — 24h
+ {hourlyLoading ? (
+
+ ) : hourlyError ? (
+
+ ) : (
+ <>
+
+ {Array.from({ length: 24 }, (_, i) => {
+ const entry = hourly.find((h) => h.hour === i) ?? { hour: i, hits: 0, unique_ips: 0, max_rps: 0 };
+ const pct = maxHits > 0 ? (entry.hits / maxHits) * 100 : 0;
+ return (
+
+
+
= 70 ? 'bg-threat-critical' : pct >= 30 ? 'bg-threat-medium' : 'bg-accent-primary/60'
+ }`}
+ />
+
+
{i}
+
+ );
+ })}
+
+
+ Élevé (≥70%)
+ Moyen (≥30%)
+ Faible
+
+
+ )}
+
+
+ {/* Section 2: Heatmap matrix */}
+
+
Heatmap Host × Heure
+ {matrixLoading ? (
+
+ ) : matrixError ? (
+
+ ) : !matrixData || displayHosts.length === 0 ? (
+
Aucune donnée disponible.
+ ) : (
+
+
+ {/* Hour headers */}
+
+ {Array.from({ length: 24 }, (_, i) => (
+
+ {i}
+
+ ))}
+
+ {/* Rows */}
+ {displayHosts.map((host, rowIdx) => {
+ const rowData = matrixData.matrix[rowIdx] ?? Array(24).fill(0);
+ return (
+
+
+ {host}
+
+ {Array.from({ length: 24 }, (_, h) => {
+ const val = rowData[h] ?? 0;
+ return (
+
+ );
+ })}
+
+ );
+ })}
+
+
+ Intensité :
+ {[
+ { label: 'Nul', style: { backgroundColor: 'transparent', border: '1px solid rgba(255,255,255,0.1)' } },
+ { label: 'Très faible', style: { backgroundColor: 'rgba(147, 197, 253, 0.15)' } },
+ { label: 'Faible', style: { backgroundColor: 'rgba(96, 165, 250, 0.35)' } },
+ { label: 'Moyen', style: { backgroundColor: 'rgba(59, 130, 246, 0.6)' } },
+ { label: 'Élevé', style: { backgroundColor: 'rgba(168, 85, 247, 0.7)' } },
+ { label: 'Critique', style: { backgroundColor: 'rgba(239, 68, 68, 0.85)' } },
+ ].map(({ label, style }) => (
+
+
+ {label}
+
+ ))}
+
+
+ )}
+
+
+ {/* Section 3: Top hosts table */}
+
+
+
Top Hosts ciblés
+
+ {topHostsLoading ? (
+
+ ) : topHostsError ? (
+
+ ) : (
+
+
+
+ | Host |
+ Total hits |
+ IPs uniques |
+ JA4 uniques |
+ Activité 24h |
+
+
+
+ {topHosts.map((h) => (
+
+ | {h.host} |
+ {formatNumber(h.total_hits)} |
+ {formatNumber(h.unique_ips)} |
+ {formatNumber(h.unique_ja4s)} |
+
+
+ |
+
+ ))}
+
+
+ )}
+
+
+ );
+}
diff --git a/frontend/src/components/MLFeaturesView.tsx b/frontend/src/components/MLFeaturesView.tsx
new file mode 100644
index 0000000..939ac57
--- /dev/null
+++ b/frontend/src/components/MLFeaturesView.tsx
@@ -0,0 +1,529 @@
+import { useState, useEffect } from 'react';
+import { useNavigate } from 'react-router-dom';
+
+// ─── Types ────────────────────────────────────────────────────────────────────
+
+interface MLAnomaly {
+ ip: string;
+ ja4: string;
+ host: string;
+ hits: number;
+ fuzzing_index: number;
+ hit_velocity: number;
+ temporal_entropy: number;
+ is_fake_navigation: boolean;
+ ua_ch_mismatch: boolean;
+ sni_host_mismatch: boolean;
+ is_ua_rotating: boolean;
+ path_diversity_ratio: number;
+ anomalous_payload_ratio: number;
+ asn_label: string;
+ bot_name: string;
+ attack_type: string;
+}
+
+interface RadarData {
+ ip: string;
+ fuzzing_score: number;
+ velocity_score: number;
+ fake_nav_score: number;
+ ua_mismatch_score: number;
+ sni_mismatch_score: number;
+ orphan_score: number;
+ path_repetition_score: number;
+ payload_anomaly_score: number;
+}
+
+interface ScatterPoint {
+ ip: string;
+ ja4: string;
+ fuzzing_index: number;
+ hit_velocity: number;
+ hits: number;
+ attack_type: string;
+}
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+function formatNumber(n: number): string {
+ return n.toLocaleString('fr-FR');
+}
+
+function attackTypeEmoji(type: string): string {
+ switch (type) {
+ case 'brute_force': return '🔑';
+ case 'flood': return '🌊';
+ case 'scraper': return '🕷️';
+ case 'spoofing': return '🎭';
+ case 'scanner': return '🔍';
+ default: return '❓';
+ }
+}
+
+function attackTypeColor(type: string): string {
+ switch (type) {
+ case 'brute_force': return '#ef4444';
+ case 'flood': return '#3b82f6';
+ case 'scraper': return '#a855f7';
+ case 'spoofing': return '#f97316';
+ case 'scanner': return '#eab308';
+ default: return '#6b7280';
+ }
+}
+
+function fuzzingBadgeClass(value: number): string {
+ if (value >= 200) return 'bg-threat-critical/20 text-threat-critical';
+ if (value >= 100) return 'bg-threat-high/20 text-threat-high';
+ if (value >= 50) return 'bg-threat-medium/20 text-threat-medium';
+ return 'bg-background-card text-text-secondary';
+}
+
+// ─── Sub-components ───────────────────────────────────────────────────────────
+
+function LoadingSpinner() {
+ return (
+
+ );
+}
+
+function ErrorMessage({ message }: { message: string }) {
+ return (
+
+ ⚠️ {message}
+
+ );
+}
+
+// ─── Radar Chart (SVG octagonal) ─────────────────────────────────────────────
+
+const RADAR_AXES = [
+ { key: 'fuzzing_score', label: 'Fuzzing' },
+ { key: 'velocity_score', label: 'Vélocité' },
+ { key: 'fake_nav_score', label: 'Fausse nav' },
+ { key: 'ua_mismatch_score', label: 'UA/CH mismatch' },
+ { key: 'sni_mismatch_score', label: 'SNI mismatch' },
+ { key: 'orphan_score', label: 'Orphan ratio' },
+ { key: 'path_repetition_score', label: 'Répétition URL' },
+ { key: 'payload_anomaly_score', label: 'Payload anormal' },
+] as const;
+
+type RadarKey = typeof RADAR_AXES[number]['key'];
+
+function RadarChart({ data }: { data: RadarData }) {
+ const size = 280;
+ const cx = size / 2;
+ const cy = size / 2;
+ const maxR = 100;
+ const n = RADAR_AXES.length;
+
+ const angleOf = (i: number) => (i * 2 * Math.PI) / n - Math.PI / 2;
+
+ const pointFor = (i: number, r: number): [number, number] => {
+ const a = angleOf(i);
+ return [cx + r * Math.cos(a), cy + r * Math.sin(a)];
+ };
+
+ // Background rings (at 25%, 50%, 75%, 100%)
+ const rings = [25, 50, 75, 100];
+
+ const dataPoints = RADAR_AXES.map((axis, i) => {
+ const val = Math.min((data[axis.key as RadarKey] ?? 0), 100);
+ return pointFor(i, (val / 100) * maxR);
+ });
+
+ const polygonPoints = dataPoints.map(([x, y]) => `${x},${y}`).join(' ');
+
+ return (
+
+ );
+}
+
+// ─── Scatter plot ─────────────────────────────────────────────────────────────
+
+function ScatterPlot({ points }: { points: ScatterPoint[] }) {
+ const [tooltip, setTooltip] = useState<{ ip: string; type: string; x: number; y: number } | null>(null);
+
+ const W = 600;
+ const H = 200;
+ const padL = 40;
+ const padB = 30;
+ const padT = 10;
+ const padR = 20;
+
+ const maxX = 350;
+ const maxY = 1;
+
+ const toSvgX = (v: number) => padL + ((v / maxX) * (W - padL - padR));
+ const toSvgY = (v: number) => padT + ((1 - v / maxY) * (H - padT - padB));
+
+ // X axis ticks
+ const xTicks = [0, 50, 100, 150, 200, 250, 300, 350];
+ const yTicks = [0, 0.25, 0.5, 0.75, 1.0];
+
+ return (
+
+
+
+ );
+}
+
+// ─── Main Component ───────────────────────────────────────────────────────────
+
+export function MLFeaturesView() {
+ const navigate = useNavigate();
+
+ const [anomalies, setAnomalies] = useState
([]);
+ const [anomaliesLoading, setAnomaliesLoading] = useState(true);
+ const [anomaliesError, setAnomaliesError] = useState(null);
+
+ const [scatter, setScatter] = useState([]);
+ const [scatterLoading, setScatterLoading] = useState(true);
+ const [scatterError, setScatterError] = useState(null);
+
+ const [selectedIP, setSelectedIP] = useState(null);
+ const [radarData, setRadarData] = useState(null);
+ const [radarLoading, setRadarLoading] = useState(false);
+ const [radarError, setRadarError] = useState(null);
+
+ useEffect(() => {
+ const fetchAnomalies = async () => {
+ try {
+ const res = await fetch('/api/ml/top-anomalies?limit=50');
+ if (!res.ok) throw new Error('Erreur chargement des anomalies');
+ const data: { items: MLAnomaly[] } = await res.json();
+ setAnomalies(data.items ?? []);
+ } catch (err) {
+ setAnomaliesError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setAnomaliesLoading(false);
+ }
+ };
+ const fetchScatter = async () => {
+ try {
+ const res = await fetch('/api/ml/scatter?limit=200');
+ if (!res.ok) throw new Error('Erreur chargement du scatter');
+ const data: { points: ScatterPoint[] } = await res.json();
+ setScatter(data.points ?? []);
+ } catch (err) {
+ setScatterError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setScatterLoading(false);
+ }
+ };
+ fetchAnomalies();
+ fetchScatter();
+ }, []);
+
+ const loadRadar = async (ip: string) => {
+ if (selectedIP === ip) {
+ setSelectedIP(null);
+ setRadarData(null);
+ return;
+ }
+ setSelectedIP(ip);
+ setRadarLoading(true);
+ setRadarError(null);
+ try {
+ const res = await fetch(`/api/ml/ip/${encodeURIComponent(ip)}/radar`);
+ if (!res.ok) throw new Error('Erreur chargement du radar');
+ const data: RadarData = await res.json();
+ setRadarData(data);
+ } catch (err) {
+ setRadarError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setRadarLoading(false);
+ }
+ };
+
+ return (
+
+ {/* Header */}
+
+
🤖 Analyse Features ML
+
+ Visualisation des features ML pour la détection d'anomalies comportementales.
+
+
+
+ {/* Main two-column layout */}
+
+ {/* Left: anomalies table */}
+
+
+
+
Top anomalies
+
+ {anomaliesLoading ? (
+
+ ) : anomaliesError ? (
+
+ ) : (
+
+
+
+
+ | IP |
+ Host |
+ Hits |
+ Fuzzing |
+ Type |
+ Signaux |
+
+
+
+ {anomalies.map((item) => (
+ loadRadar(item.ip)}
+ className={`border-b border-border cursor-pointer transition-colors ${
+ selectedIP === item.ip
+ ? 'bg-accent-primary/10'
+ : 'hover:bg-background-card'
+ }`}
+ >
+ | {item.ip} |
+
+ {item.host || '—'}
+ |
+ {formatNumber(item.hits)} |
+
+
+ {Math.round(item.fuzzing_index)}
+
+ |
+
+
+ {attackTypeEmoji(item.attack_type)}
+
+ |
+
+
+ {item.ua_ch_mismatch && ⚠️}
+ {item.is_fake_navigation && 🎭}
+ {item.is_ua_rotating && 🔄}
+ {item.sni_host_mismatch && 🌐}
+
+ |
+
+ ))}
+
+
+
+ )}
+
+
+
+ {/* Right: Radar chart */}
+
+
+
+ Radar ML {selectedIP ? — {selectedIP} : ''}
+
+ {!selectedIP ? (
+
+ Cliquez sur une IP
pour afficher le radar
+
+ ) : radarLoading ? (
+
+
+
+ ) : radarError ? (
+
+ ) : radarData ? (
+ <>
+
+
+
+
+
+ ) : null}
+
+
+
+
+ {/* Scatter plot */}
+
+
Nuage de points — Fuzzing Index × Vélocité
+ {scatterLoading ? (
+
+ ) : scatterError ? (
+
+ ) : (
+ <>
+
+ {/* Legend */}
+
+ {['brute_force', 'flood', 'scraper', 'spoofing', 'scanner'].map((type) => (
+
+
+ {attackTypeEmoji(type)} {type}
+
+ ))}
+
+
+ )}
+
+
+ {label}
+ {value}
+
+ );
+}
+
+function LoadingSpinner() {
+ return (
+
+ );
+}
+
+function ErrorMessage({ message }: { message: string }) {
+ return (
+
+ ⚠️ {message}
+
+ );
+}
+
+// ─── Rotator row with expandable JA4 history ─────────────────────────────────
+
+function RotatorRow({ item }: { item: JA4Rotator }) {
+ const [expanded, setExpanded] = useState(false);
+ const [history, setHistory] = useState([]);
+ const [historyLoading, setHistoryLoading] = useState(false);
+ const [historyError, setHistoryError] = useState(null);
+ const [historyLoaded, setHistoryLoaded] = useState(false);
+
+ const toggle = async () => {
+ setExpanded((prev) => !prev);
+ if (!historyLoaded && !expanded) {
+ setHistoryLoading(true);
+ try {
+ const res = await fetch(`/api/rotation/ip/${encodeURIComponent(item.ip)}/ja4-history`);
+ if (!res.ok) throw new Error('Erreur chargement historique JA4');
+ const data: { history: JA4HistoryEntry[] } = await res.json();
+ setHistory(data.history ?? []);
+ setHistoryLoaded(true);
+ } catch (err) {
+ setHistoryError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setHistoryLoading(false);
+ }
+ }
+ };
+
+ const isHighRotation = item.distinct_ja4_count > 5;
+
+ return (
+ <>
+
+ |
+ {expanded ? '▾' : '▸'}
+ {item.ip}
+ |
+
+
+ {item.distinct_ja4_count} JA4
+
+ |
+ {formatNumber(item.total_hits)} |
+
+
+
+ {Math.round(item.evasion_score)}
+ |
+
+ {expanded && (
+
+
+ {historyLoading ? (
+
+
+ Chargement de l'historique…
+
+ Historique des JA4 utilisés :
+ {history.map((entry, idx) => (
+
+
+ {entry.ja4}
+
+ {formatNumber(entry.hits)} hits
+ {formatDate(entry.window_start)}
+
+ ))}
+ |
+
+ )}
+
+ );
+}
+
+// ─── Main Component ───────────────────────────────────────────────────────────
+
+export function RotationView() {
+ const navigate = useNavigate();
+
+ const [activeTab, setActiveTab] = useState('rotators');
+
+ const [rotators, setRotators] = useState([]);
+ const [rotatorsLoading, setRotatorsLoading] = useState(true);
+ const [rotatorsError, setRotatorsError] = useState(null);
+
+ const [persistent, setPersistent] = useState([]);
+ const [persistentLoading, setPersistentLoading] = useState(false);
+ const [persistentError, setPersistentError] = useState(null);
+ const [persistentLoaded, setPersistentLoaded] = useState(false);
+
+ useEffect(() => {
+ const fetchRotators = async () => {
+ setRotatorsLoading(true);
+ try {
+ const res = await fetch('/api/rotation/ja4-rotators?limit=50');
+ if (!res.ok) throw new Error('Erreur chargement des rotateurs');
+ const data: { items: JA4Rotator[] } = await res.json();
+ setRotators(data.items ?? []);
+ } catch (err) {
+ setRotatorsError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setRotatorsLoading(false);
+ }
+ };
+ fetchRotators();
+ }, []);
+
+ const loadPersistent = async () => {
+ if (persistentLoaded) return;
+ setPersistentLoading(true);
+ try {
+ const res = await fetch('/api/rotation/persistent-threats?limit=100');
+ if (!res.ok) throw new Error('Erreur chargement des menaces persistantes');
+ const data: { items: PersistentThreat[] } = await res.json();
+ // Sort by persistence_score DESC
+ const sorted = [...(data.items ?? [])].sort((a, b) => b.persistence_score - a.persistence_score);
+ setPersistent(sorted);
+ setPersistentLoaded(true);
+ } catch (err) {
+ setPersistentError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setPersistentLoading(false);
+ }
+ };
+
+ const handleTabChange = (tab: ActiveTab) => {
+ setActiveTab(tab);
+ if (tab === 'persistent') loadPersistent();
+ };
+
+ const maxEvasion = rotators.length > 0 ? Math.max(...rotators.map((r) => r.evasion_score)) : 0;
+ const maxPersistence = persistent.length > 0 ? Math.max(...persistent.map((p) => p.persistence_score)) : 0;
+
+ const tabs: { id: ActiveTab; label: string }[] = [
+ { id: 'rotators', label: '🎭 Rotateurs JA4' },
+ { id: 'persistent', label: '🕰️ Menaces Persistantes' },
+ ];
+
+ return (
+
+ {/* Header */}
+
+
🔄 Rotation JA4 & Persistance
+
+ Détection des IPs qui changent de fingerprint pour contourner les détections, et des menaces persistantes.
+
+
+
+ {/* Stat cards */}
+
+
+
+
+
+
+
+ {/* Tabs */}
+
+ {tabs.map((tab) => (
+
+ ))}
+
+
+ {/* Rotateurs tab */}
+ {activeTab === 'rotators' && (
+
+ {rotatorsLoading ? (
+
+ ) : rotatorsError ? (
+
+ ) : (
+
+
+
+ | IP |
+ JA4 distincts |
+ Total hits |
+ Score d'évasion |
+
+
+
+ {rotators.map((item) => (
+
+ ))}
+
+
+ )}
+
+ )}
+
+ {/* Persistantes tab */}
+ {activeTab === 'persistent' && (
+
+ {persistentLoading ? (
+
+ ) : persistentError ? (
+
+ ) : (
+
+
+
+ | IP |
+ Récurrence |
+ Score menace |
+ Niveau |
+ Première vue |
+ Dernière vue |
+ Score persistance |
+ |
+
+
+
+ {persistent.map((item) => {
+ const badge = threatLevelBadge(item.worst_threat_level);
+ return (
+
+ | {item.ip} |
+
+
+ {item.recurrence}j
+
+ |
+ {Math.round(item.worst_score)} |
+
+
+ {item.worst_threat_level?.toUpperCase() || '—'}
+
+ |
+ {formatDate(item.first_seen)} |
+ {formatDate(item.last_seen)} |
+
+
+
+ {Math.round(item.persistence_score)}
+ |
+
+
+ |
+
+ );
+ })}
+
+
+ )}
+
+ )}
+
+ {label}
+ {value}
+
+ );
+}
+
+function LoadingSpinner() {
+ return (
+
+ );
+}
+
+function ErrorMessage({ message }: { message: string }) {
+ return (
+
+ ⚠️ {message}
+
+ );
+}
+
+// ─── Main Component ───────────────────────────────────────────────────────────
+
+export function TcpSpoofingView() {
+ const navigate = useNavigate();
+
+ const [activeTab, setActiveTab] = useState('detections');
+
+ const [overview, setOverview] = useState(null);
+ const [overviewLoading, setOverviewLoading] = useState(true);
+ const [overviewError, setOverviewError] = useState(null);
+
+ const [items, setItems] = useState([]);
+ const [itemsLoading, setItemsLoading] = useState(true);
+ const [itemsError, setItemsError] = useState(null);
+
+ const [matrix, setMatrix] = useState([]);
+ const [matrixLoading, setMatrixLoading] = useState(false);
+ const [matrixError, setMatrixError] = useState(null);
+ const [matrixLoaded, setMatrixLoaded] = useState(false);
+
+ const [filterText, setFilterText] = useState('');
+
+ useEffect(() => {
+ const fetchOverview = async () => {
+ setOverviewLoading(true);
+ try {
+ const res = await fetch('/api/tcp-spoofing/overview');
+ if (!res.ok) throw new Error('Erreur chargement overview');
+ const data: TcpSpoofingOverview = await res.json();
+ setOverview(data);
+ } catch (err) {
+ setOverviewError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setOverviewLoading(false);
+ }
+ };
+ const fetchItems = async () => {
+ setItemsLoading(true);
+ try {
+ const res = await fetch('/api/tcp-spoofing/list?limit=100');
+ if (!res.ok) throw new Error('Erreur chargement des détections');
+ const data: { items: TcpSpoofingItem[]; total: number } = await res.json();
+ setItems(data.items ?? []);
+ } catch (err) {
+ setItemsError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setItemsLoading(false);
+ }
+ };
+ fetchOverview();
+ fetchItems();
+ }, []);
+
+ const loadMatrix = async () => {
+ if (matrixLoaded) return;
+ setMatrixLoading(true);
+ try {
+ const res = await fetch('/api/tcp-spoofing/matrix');
+ if (!res.ok) throw new Error('Erreur chargement matrice OS');
+ const data: { matrix: OsMatrixEntry[] } = await res.json();
+ setMatrix(data.matrix ?? []);
+ setMatrixLoaded(true);
+ } catch (err) {
+ setMatrixError(err instanceof Error ? err.message : 'Erreur inconnue');
+ } finally {
+ setMatrixLoading(false);
+ }
+ };
+
+ const handleTabChange = (tab: ActiveTab) => {
+ setActiveTab(tab);
+ if (tab === 'matrix') loadMatrix();
+ };
+
+ const filteredItems = items.filter(
+ (item) =>
+ !filterText ||
+ item.ip.includes(filterText) ||
+ item.suspected_os.toLowerCase().includes(filterText.toLowerCase()) ||
+ item.declared_os.toLowerCase().includes(filterText.toLowerCase())
+ );
+
+ // Build matrix axes
+ const suspectedOSes = [...new Set(matrix.map((e) => e.suspected_os))].sort();
+ const declaredOSes = [...new Set(matrix.map((e) => e.declared_os))].sort();
+ const matrixMax = matrix.reduce((m, e) => Math.max(m, e.count), 1);
+
+ function matrixCellColor(count: number): string {
+ if (count === 0) return 'bg-background-card';
+ const ratio = count / matrixMax;
+ if (ratio >= 0.75) return 'bg-threat-critical/80';
+ if (ratio >= 0.5) return 'bg-threat-high/70';
+ if (ratio >= 0.25) return 'bg-threat-medium/60';
+ return 'bg-threat-low/40';
+ }
+
+ const tabs: { id: ActiveTab; label: string }[] = [
+ { id: 'detections', label: '📋 Détections' },
+ { id: 'matrix', label: '📊 Matrice OS' },
+ ];
+
+ return (
+
+ {/* Header */}
+
+
🧬 Spoofing TCP/OS
+
+ Détection des incohérences entre TTL/fenêtre TCP et l'OS déclaré.
+
+
+
+ {/* Stat cards */}
+ {overviewLoading ? (
+
+ ) : overviewError ? (
+
+ ) : overview ? (
+
+
+
+
+
+
+ ) : null}
+
+ {/* Tabs */}
+
+ {tabs.map((tab) => (
+
+ ))}
+
+
+ {/* Détections tab */}
+ {activeTab === 'detections' && (
+ <>
+
+ setFilterText(e.target.value)}
+ className="bg-background-card border border-border rounded-lg px-3 py-2 text-sm text-text-primary placeholder-text-disabled focus:outline-none focus:border-accent-primary w-72"
+ />
+
+
+ {itemsLoading ? (
+
+ ) : itemsError ? (
+
+ ) : (
+
+
+
+ | IP |
+ JA4 |
+ TTL observé |
+ Fenêtre TCP |
+ OS suspecté |
+ OS déclaré |
+ Spoof |
+ |
+
+
+
+ {filteredItems.map((item) => (
+
+ | {item.ip} |
+
+ {item.ja4 ? `${item.ja4.slice(0, 14)}…` : '—'}
+ |
+
+ {item.tcp_ttl}
+ |
+
+ {formatNumber(item.tcp_window_size)}
+ |
+ {item.suspected_os || '—'} |
+ {item.declared_os || '—'} |
+
+ {item.spoof_flag && (
+
+ 🚨 Spoof
+
+ )}
+ |
+
+
+ |
+
+ ))}
+
+
+ )}
+
+
+ )}
+
+ {/* Matrice OS tab */}
+ {activeTab === 'matrix' && (
+
+ {matrixLoading ? (
+
+ ) : matrixError ? (
+
+ ) : matrix.length === 0 ? (
+
Aucune donnée disponible.
+ ) : (
+
+
OS Suspecté × OS Déclaré
+
+
+
+ |
+ Suspecté \ Déclaré
+ |
+ {declaredOSes.map((os) => (
+
+ {os}
+ |
+ ))}
+ Total |
+
+
+
+ {suspectedOSes.map((sos) => {
+ const rowEntries = declaredOSes.map((dos) => {
+ const entry = matrix.find((e) => e.suspected_os === sos && e.declared_os === dos);
+ return entry?.count ?? 0;
+ });
+ const rowTotal = rowEntries.reduce((s, v) => s + v, 0);
+ return (
+
+ |
+ {sos}
+ |
+ {rowEntries.map((count, ci) => (
+ 0 ? 'text-text-primary' : 'text-text-disabled'}`}
+ >
+ {count > 0 ? formatNumber(count) : '—'}
+ |
+ ))}
+
+ {formatNumber(rowTotal)}
+ |
+
+ );
+ })}
+
+ | Total |
+ {declaredOSes.map((dos) => {
+ const colTotal = matrix
+ .filter((e) => e.declared_os === dos)
+ .reduce((s, e) => s + e.count, 0);
+ return (
+
+ {formatNumber(colTotal)}
+ |
+ );
+ })}
+
+ {formatNumber(matrix.reduce((s, e) => s + e.count, 0))}
+ |
+
+
+
+
+ )}
+
+ )}
+