NetMon
Cyber ops • live network intelligence
Defensive network intelligence

Detection, inspection and response for live network visibility.

This page reads the real backend. It exposes server health, active connections, alerts, process aggregates, country aggregates, a model trainer, anomaly view, and an animated real-time geo map. The workflow is explicitly defensive: inspect, enrich, respond.

API on 127.0.0.1:8000
Reverse proxy via nginx
GeoIP lookup
Suricata feed
Model assets check
Detection
Inspection
Response

Threat Posture

Health

Defensive Controls

Edge (Prevent)
Rate limit, burst control, temporary blocks, allowlists, reputation filters.
App (Inspect)
Method sanity, user-agent shape, header consistency, path fuzzing, admin endpoint abuse.
Analysis (Score)
404/401/403 bursts, failed logins, scanning patterns, suspicious ASNs, error ratios.
Response (Act)
Ban/unban, cooldown, Telegram alert, visibility updates, audit trail.
Practical thresholds
> N req/min per IP
> N 4xx/5xx in a row
> N paths in seconds
> N admin attempts
> N failed logins
> N requests from risky ASN
Decision score
+1 suspicious UA
+1 repeated 404
+1 burst on sensitive paths
+1 login failures
+1 risky ASN
+1 scanning pattern
If the score crosses the threshold, NetMon raises an alert, highlights the node, and can hand the IP to fail2ban for defensive enforcement.
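One way the decision score above could be evaluated per source IP, as an added example that is not NetMon's own code. The event fields, every numeric threshold (the page gives only "N"), the path, user-agent and ASN lists, and the fail2ban jail name are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values: the page gives every threshold only as "N"; a signal fires when count > N.
N_404, N_SENSITIVE, N_LOGIN_FAIL, N_PATHS, N_SCORE, WINDOW_S = 5, 2, 2, 8, 2, 60
SENSITIVE = ("/admin", "/wp-login.php", "/.env")  # assumed sensitive path prefixes
LOGIN_PATH = "/login"                             # assumed login endpoint
BAD_UA = ("nikto", "sqlmap")                      # assumed scanner user-agent substrings
RISKY_ASNS = {64500}                              # constructed (documentation ASN range)

def score_ip(events):
    """Score one IP's events: +1 per signal from the page's decision-score list."""
    latest = max(e["ts"] for e in events)
    recent = [e for e in events if latest - e["ts"] <= WINDOW_S]
    signals = {
        "suspicious UA": any(not e["ua"] or any(s in e["ua"].lower() for s in BAD_UA) for e in recent),
        "repeated 404": sum(e["status"] == 404 for e in recent) > N_404,
        "burst on sensitive paths": sum(e["path"].startswith(SENSITIVE) for e in recent) > N_SENSITIVE,
        "login failures": sum(e["path"] == LOGIN_PATH and e["status"] == 401 for e in recent) > N_LOGIN_FAIL,
        "risky ASN": any(e["asn"] in RISKY_ASNS for e in recent),
        "scanning pattern": len({e["path"] for e in recent}) > N_PATHS,
    }
    reasons = [name for name, hit in signals.items() if hit]
    return len(reasons), reasons

def evaluate(events):
    """Group events by source IP; return {ip: (score, reasons)} for scores above N_SCORE."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    scored = {ip: score_ip(evs) for ip, evs in by_ip.items()}
    return {ip: res for ip, res in scored.items() if res[0] > N_SCORE}

def ban_command(ip, jail="netmon"):
    """Build (not run) the fail2ban-client argv; the jail name is an assumption."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on anything that is not an IP
    return ["fail2ban-client", "set", jail, "banip", str(addr)]

# Constructed sample events (documentation IP ranges), not real traffic.
def ev(ts, ip, asn, path, status, ua):
    return {"ts": ts, "ip": ip, "asn": asn, "path": path, "status": status, "ua": ua}
SCAN_PATHS = ["/admin", "/.env", "/wp-login.php", "/a", "/b", "/c", "/d", "/e", "/f"]
SAMPLE = (
    [ev(100 + i, "203.0.113.7", 64500, p, 404, "Nikto/2.1.6") for i, p in enumerate(SCAN_PATHS)]
    + [ev(100 + i, "192.0.2.44", 64501, "/login", 401, "Mozilla/5.0") for i in range(3)]
    + [ev(130, "198.51.100.20", 64501, "/index.html", 200, "Mozilla/5.0")]
)

if __name__ == "__main__":
    print({ip: (res, ban_command(ip)) for ip, res in evaluate(SAMPLE).items()})
```

The client with three failed logins trips a single signal and stays below the alert threshold, which is the point of summing independent signals instead of banning on any one of them.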

Analysis


Response

IP | Reverse | Owner | Action

Inspection


Real-time Geo map

Animated IP paths
Use the buttons or wheel to zoom. Drag to pan. Click a node to inspect it. The map fits once and then stays stable.
cyan = new node
green = known node
red = Suricata / alert
grey = local socket
violet = server origin

Visibility

PID | Local | Remote | Status | Process | Country

Aggregates

Top processes
Top countries

Detection

IP | Remote | Status | Country

Suricata alerts

Time | Source | Destination | Alert | Severity

Time series