feat(dashboard): complete SOC dashboard with full monitoring and workflows
- models.html: Full rewrite — 6 KPIs, scoring volume timeline, anomaly rate chart, threat breakdown per model, enhanced model cards with validation gate - classify.html: SOC workflow — suggested unclassified IPs, quick-classify buttons, classification stats pie, pre-fill from URL params - traffic.html: Clickable rows → ip_detail, column sorting, status column, search filter, doc tooltips on all chart sections - scores.html: Search input, clickable rows → ip_detail, LEGITIMATE_BROWSER filter button, doc tooltips on distribution + scatter charts - ip_detail.html: Resource cascade section (headless browser detection), status column in HTTP logs table - detections.html: Doc tooltips on threat/reason/ASN chart sections - features.html: Doc tooltips on radar/importance/scatter sections - api.py: 4 new endpoints — /api/models/timeline, /api/models/threats, /api/classify/stats, /api/classify/suggested. Traffic API: status + search. 46 routes total. All tests pass (dashboard + bot-detector 36/36). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
@ -6,6 +6,7 @@
|
||||
<h4>Logs HTTP bruts</h4>
|
||||
<p>Toutes les requêtes HTTP capturées (24h). Filtrez par méthode, host ou status pour identifier les patterns suspects.</p>
|
||||
<p><strong>Workflow :</strong> Filtrez POST → cherchez du brute-force → cliquez sur l'IP → investiguez.</p>
|
||||
<p><strong>Codes couleur :</strong> GET=vert, POST=bleu, PUT=jaune, DELETE=rouge. Status : 2xx=vert, 3xx=jaune, 4xx=orange, 5xx=rouge.</p>
|
||||
<p class="doc-source">Source : http_logs (24h)</p>
|
||||
</div></span>
|
||||
{% endblock %}
|
||||
@ -13,17 +14,35 @@
|
||||
<div class="space-y-4">
|
||||
<!-- Traffic summary charts -->
|
||||
<div class="grid grid-cols-1 md:grid-cols-3 gap-4">
|
||||
<div class="bg-gray-900 rounded-xl p-4 border border-gray-800">
|
||||
<h3 class="text-xs font-medium text-gray-500 mb-2">Méthodes HTTP</h3>
|
||||
<div id="method-chart" style="height:160px"></div>
|
||||
<div class="section-card">
|
||||
<div class="section-header"><span class="section-title">Méthodes HTTP
|
||||
<span class="relative inline-block"><button onclick="docToggle(this)" class="doc-btn">?</button><div class="doc-panel">
|
||||
<h4>Distribution des méthodes</h4>
|
||||
<p>Ratio des méthodes HTTP. Un ratio POST anormalement élevé peut indiquer du brute-force ou du credential stuffing.</p>
|
||||
<p class="doc-source">Source : http_logs (24h)</p>
|
||||
</div></span>
|
||||
</span></div>
|
||||
<div class="section-body"><div id="method-chart" style="height:160px"></div></div>
|
||||
</div>
|
||||
<div class="bg-gray-900 rounded-xl p-4 border border-gray-800">
|
||||
<h3 class="text-xs font-medium text-gray-500 mb-2">Top 5 User-Agents</h3>
|
||||
<div id="ua-chart" style="height:160px"></div>
|
||||
<div class="section-card">
|
||||
<div class="section-header"><span class="section-title">Top User-Agents
|
||||
<span class="relative inline-block"><button onclick="docToggle(this)" class="doc-btn">?</button><div class="doc-panel">
|
||||
<h4>User-Agents les plus fréquents</h4>
|
||||
<p>Les bots utilisent souvent des UAs génériques (python-requests, curl) ou vides. Un UA massivement représenté = potentiel botnet.</p>
|
||||
<p class="doc-source">Source : http_logs (24h)</p>
|
||||
</div></span>
|
||||
</span></div>
|
||||
<div class="section-body"><div id="ua-chart" style="height:160px"></div></div>
|
||||
</div>
|
||||
<div class="bg-gray-900 rounded-xl p-4 border border-gray-800">
|
||||
<h3 class="text-xs font-medium text-gray-500 mb-2">Top 5 Paths</h3>
|
||||
<div id="path-chart" style="height:160px"></div>
|
||||
<div class="section-card">
|
||||
<div class="section-header"><span class="section-title">Top Paths
|
||||
<span class="relative inline-block"><button onclick="docToggle(this)" class="doc-btn">?</button><div class="doc-panel">
|
||||
<h4>Chemins les plus accédés</h4>
|
||||
<p>Les paths comme /wp-admin, /xmlrpc.php, /.env indiquent du scanning. Un path API martelé = possible DDoS L7.</p>
|
||||
<p class="doc-source">Source : http_logs (24h)</p>
|
||||
</div></span>
|
||||
</span></div>
|
||||
<div class="section-body"><div id="path-chart" style="height:160px"></div></div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="flex items-center gap-3 flex-wrap">
|
||||
@ -33,12 +52,14 @@
|
||||
</select>
|
||||
<input type="text" id="host-filter" placeholder="Filtrer host..." class="px-3 py-1.5 bg-gray-800 border border-gray-700 rounded-lg text-sm text-gray-300 w-48 focus:border-brand-500 focus:outline-none">
|
||||
<input type="number" id="status-filter" placeholder="Status" class="px-3 py-1.5 bg-gray-800 border border-gray-700 rounded-lg text-sm text-gray-300 w-28 focus:border-brand-500 focus:outline-none">
|
||||
<input type="text" id="search-filter" placeholder="Rechercher IP, path, UA…" class="px-3 py-1.5 bg-gray-800 border border-gray-700 rounded-lg text-sm text-gray-300 w-64 focus:border-brand-500 focus:outline-none">
|
||||
</div>
|
||||
<div class="bg-gray-900 rounded-xl border border-gray-800 overflow-hidden">
|
||||
<div class="section-card overflow-hidden">
|
||||
<div class="overflow-x-auto max-h-[70vh] overflow-y-auto">
|
||||
<table class="data-table"><thead><tr>
|
||||
<th>Time</th><th>IP</th><th>Method</th><th>Host</th><th>Path</th>
|
||||
<th>HTTP Ver</th><th>User-Agent</th><th>JA4</th><th>Pays</th>
|
||||
<th class="cursor-pointer" data-sort="time">Time ↕</th>
|
||||
<th>IP</th><th>Method</th><th>Status</th><th>Host</th><th>Path</th>
|
||||
<th>HTTP</th><th>User-Agent</th><th>JA4</th><th>Pays</th>
|
||||
</tr></thead><tbody id="traffic-body"></tbody></table>
|
||||
</div>
|
||||
<div class="flex items-center justify-between px-4 py-3 border-t border-gray-800">
|
||||
@ -53,40 +74,56 @@
|
||||
{% endblock %}
|
||||
{% block scripts %}
|
||||
<script>
|
||||
let tPage=1;
|
||||
let tPage=1, tSort='time', tOrder='DESC';
|
||||
const sc = s => s>=500?'text-red-400':s>=400?'text-orange-400':s>=300?'text-yellow-400':'text-green-400';
|
||||
const mc = m => ({GET:'text-green-400',POST:'text-blue-400',PUT:'text-yellow-400',DELETE:'text-red-400'}[m]||'text-gray-400');
|
||||
|
||||
async function loadTraffic() {
|
||||
const params = new URLSearchParams({page:tPage,per_page:100});
|
||||
const params = new URLSearchParams({page:tPage,per_page:100,sort:tSort,order:tOrder});
|
||||
const m=document.getElementById('method-filter').value;
|
||||
const h=document.getElementById('host-filter').value;
|
||||
const s=document.getElementById('status-filter').value;
|
||||
if(m) params.set('method',m); if(h) params.set('host',h); if(s) params.set('status',s);
|
||||
const q=document.getElementById('search-filter').value;
|
||||
if(m) params.set('method',m); if(h) params.set('host',h); if(s) params.set('status',s); if(q) params.set('search',q);
|
||||
try {
|
||||
const r = await fetch('/api/traffic?'+params); const d = await r.json();
|
||||
const tbody = document.getElementById('traffic-body');
|
||||
const sc = s => s>=500?'text-red-400':s>=400?'text-orange-400':s>=300?'text-yellow-400':'text-green-400';
|
||||
const mc = m => ({GET:'text-green-400',POST:'text-blue-400',PUT:'text-yellow-400',DELETE:'text-red-400'}[m]||'text-gray-400');
|
||||
tbody.innerHTML = (d.data||[]).map(row => `<tr>
|
||||
tbody.innerHTML = (d.data||[]).map(row => `<tr onclick="window.location='/ip/'+encodeURIComponent('${escapeHtml(row.src_ip||'')}')">
|
||||
<td class="text-xs whitespace-nowrap">${row.time||''}</td>
|
||||
<td class="whitespace-nowrap">${fmtIP(row.src_ip)}</td>
|
||||
<td class="${mc(row.method)} font-mono text-xs">${row.method||''}</td>
|
||||
<td class="text-xs max-w-[150px] truncate">${row.host||''}</td>
|
||||
<td class="text-xs max-w-[250px] truncate font-mono" title="${row.path||''}">${row.path||''}</td>
|
||||
<td class="font-mono text-xs">${row.http_version||''}</td>
|
||||
<td class="text-xs max-w-[200px] truncate" title="${row.header_user_agent||''}">${row.header_user_agent||''}</td>
|
||||
<td class="${sc(row.status||0)} font-mono text-xs">${row.status||''}</td>
|
||||
<td class="text-xs max-w-[150px] truncate">${escapeHtml(row.host||'')}</td>
|
||||
<td class="text-xs max-w-[250px] truncate font-mono" title="${escapeHtml(row.path||'')}">${escapeHtml(row.path||'')}</td>
|
||||
<td class="font-mono text-xs">${escapeHtml(row.http_version||'')}</td>
|
||||
<td class="text-xs max-w-[200px] truncate" title="${escapeHtml(row.header_user_agent||'')}">${escapeHtml(row.header_user_agent||'')}</td>
|
||||
<td class="text-xs font-mono max-w-[100px] truncate">${fmtJA4(row.ja4)}</td>
|
||||
<td>${fmtCountry(row.src_country_code)}</td>
|
||||
</tr>`).join('') || '<tr><td colspan="9" class="text-center text-gray-500 py-8">Aucun log</td></tr>';
|
||||
</tr>`).join('') || '<tr><td colspan="10" class="text-center text-gray-500 py-8">Aucun log</td></tr>';
|
||||
const total=d.total||0;
|
||||
document.getElementById('traffic-info').textContent=`${total} logs — page ${tPage}/${Math.max(1,Math.ceil(total/100))}`;
|
||||
document.getElementById('traffic-info').textContent=`${fmtNum(total)} logs — page ${tPage}/${Math.max(1,Math.ceil(total/100))}`;
|
||||
document.getElementById('prev-btn').disabled=tPage<=1;
|
||||
document.getElementById('next-btn').disabled=tPage*100>=total;
|
||||
} catch(e) { console.error(e); }
|
||||
}
|
||||
document.getElementById('prev-btn').onclick=()=>{if(tPage>1){tPage--;loadTraffic();}};
|
||||
document.getElementById('next-btn').onclick=()=>{tPage++;loadTraffic();};
|
||||
['method-filter','host-filter','status-filter'].forEach(id=>{
|
||||
|
||||
// Column sorting
|
||||
document.querySelectorAll('[data-sort]').forEach(th => th.onclick = () => {
|
||||
const s=th.dataset.sort;
|
||||
if(tSort===s) tOrder=tOrder==='DESC'?'ASC':'DESC'; else {tSort=s;tOrder='DESC';}
|
||||
tPage=1; loadTraffic();
|
||||
});
|
||||
|
||||
// Filters with debounce
|
||||
let filterTimer;
|
||||
['method-filter','host-filter','status-filter','search-filter'].forEach(id=>{
|
||||
let el=document.getElementById(id);
|
||||
el.addEventListener(el.tagName==='SELECT'?'change':'input',()=>{tPage=1;loadTraffic();});
|
||||
el.addEventListener(el.tagName==='SELECT'?'change':'input',()=>{
|
||||
clearTimeout(filterTimer);
|
||||
filterTimer=setTimeout(()=>{tPage=1;loadTraffic();},300);
|
||||
});
|
||||
});
|
||||
loadTraffic();
|
||||
|
||||
@ -96,10 +133,7 @@ async function loadTrafficSummary() {
|
||||
const r = await fetch('/api/traffic?per_page=500'); const d = await r.json();
|
||||
const rows = d.data||[];
|
||||
const METHOD_COLORS = {GET:'#22c55e',POST:'#3b82f6',PUT:'#eab308',DELETE:'#ef4444',HEAD:'#8b5cf6',OPTIONS:'#6b7280'};
|
||||
// Method distribution
|
||||
const methods = {};
|
||||
const uas = {};
|
||||
const paths = {};
|
||||
const methods = {}, uas = {}, paths = {};
|
||||
rows.forEach(row => {
|
||||
methods[row.method] = (methods[row.method]||0)+1;
|
||||
const ua = (row.header_user_agent||'').substring(0,30) || '(empty)';
|
||||
@ -110,7 +144,6 @@ async function loadTrafficSummary() {
|
||||
const ch1 = echarts.init(document.getElementById('method-chart'));
|
||||
ch1.setOption(ecBase({tooltip:ecTooltip({trigger:'item'}),series:[{type:'pie',radius:['30%','65%'],label:{color:EC_TEXT,fontSize:10,formatter:'{b}\n{d}%'},
|
||||
data:Object.entries(methods).map(([k,v])=>({name:k,value:v,itemStyle:{color:METHOD_COLORS[k]||'#6b7280'}}))}]}));
|
||||
// Top UAs
|
||||
const topUA = Object.entries(uas).sort((a,b)=>b[1]-a[1]).slice(0,5);
|
||||
if (topUA.length) {
|
||||
const ch2 = echarts.init(document.getElementById('ua-chart'));
|
||||
@ -119,7 +152,6 @@ async function loadTrafficSummary() {
|
||||
xAxis:{type:'value',show:false},
|
||||
series:[{type:'bar',data:topUA.map(r=>r[1]).reverse(),barWidth:'60%',itemStyle:{color:'#3b82f6'},label:{show:true,position:'right',color:EC_TEXT,fontSize:10}}]}));
|
||||
}
|
||||
// Top paths
|
||||
const topPath = Object.entries(paths).sort((a,b)=>b[1]-a[1]).slice(0,5);
|
||||
if (topPath.length) {
|
||||
const ch3 = echarts.init(document.getElementById('path-chart'));
|
||||
|
||||
Reference in New Issue
Block a user