472a5d0917
Sorting: - Sort by: hits, threat level, recent activity, banned status - Active sort button highlighted in amber Mass operations: - Checkbox per IP for multi-select - "Ban Selected" / "Unban Selected" buttons with confirmation - /api/admin/security/mass-ban endpoint handles batch operations - Selection counter shows "N selected" IP Enrichment (click "Enrich" button per IP): - Geolocation via ip-api.com (country, city, ISP, org, AS number) - Proxy/hosting/mobile detection flags (red for proxy/hosting) - AI threat analysis via local qwen2.5: - Threat level, classification, confidence score - Attack pattern description - Specific indicators list - Automated detection flag - Actionable recommendation - Enrichment panel expands inline below the IP card (toggle) Per-IP drill-down: - Expandable raw log lines per IP (click to show/hide) - User agent listing with count - First seen / last seen timestamps - HTTP method breakdown (GET:5 POST:2) - AI sentinel verdicts shown inline - Jail information for banned IPs Enhanced backend: - Security API returns per-IP log lines, first_seen, methods, event_types - AI verdicts attached to IP records - Multiple UA detection (fingerprint: rotating scanner) - Sort parameter support (?sort=threat|hits|recent|banned) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>