Overview
This tool analyzes SSH authentication logs to identify brute-force attack patterns and coordinated, distributed attacks. It dynamically updates firewall rules to block malicious IP addresses in real time and shares threat intelligence across managed nodes.
Key Features
- Real-time log parsing
- Brute-force pattern recognition
- Dynamic firewall (iptables) updates
- Geo-IP analysis of attackers
Tech Stack
Python, Regex, Linux Systemd, SQLite
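The brute-force pattern recognition listed above can be illustrated with a per-IP sliding-window counter over OpenSSH "Failed password" lines. This is an added example, not the tool's own code: the function name, the threshold of 5 failures in 60 seconds, the `year` parameter and the sample lines are all assumptions, and it only flags addresses without touching iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The username is remote-controlled text, so anchor on the END of the line:
# the greedy user group makes the last "from <ip> port <n>" the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>[0-9A-Fa-f:.]+) port \d+(?: ssh2)?$"
)

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return the set of source IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)    # ip -> failure timestamps still in the window
    flagged = set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # successes and other daemons are ignored
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return flagged

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE = [
    f"Mar  3 10:00:0{i} host1 sshd[811]: Failed password for invalid user "
    f"admin from 203.0.113.7 port 4000{i} ssh2"
    for i in range(1, 6)
] + [
    "Mar  3 10:00:02 host1 sshd[812]: Failed password for root from 198.51.100.4 port 5100 ssh2",
    "Mar  3 10:05:00 host1 sshd[813]: Failed password for root from 198.51.100.4 port 5101 ssh2",
    "Mar  3 10:05:09 host1 sshd[814]: Accepted publickey for deploy from 192.0.2.10 port 6000 ssh2",
]

if __name__ == "__main__":
    print(sorted(detect_bruteforce(SAMPLE)))
```

Only the address with five failures inside one window is flagged; the two widely spaced failures and the successful login are not.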