Total Alerts
3.14M
Suricata eve.json ↑ 12% today
Blocked IPs
47
Active bans on MikroTik ↑ 3 this hour
Threat Rate
2.4/s
Alerts per second ↓ 8%
Parser Hit Rate
99.8%
Lines successfully parsed
Reasoning Stream
LIVE
SURICATA-SEV-1
ET SCAN Zmap User-Agent detected from 40.124.185.206 → 36.89.105.92:80
MIKROTIK-BLK
222.127.254.114 added to Suricata address-list — crowdsecurity/suricata-major-severity
SURICATA-EVE
ET EXPLOIT Possible Authenticated Command Injection — 66.56.168.36:80 inbound
CROWDSEC-PARSER
eve.json line parsed — 31.14k lines read, 3 alert events processed
Alert Rate (24h)
peaks: 14:00 - 16:00
[Chart: alert rate over the last 24 hours; time axis from 00:00 to now]
Parse Rate
98%
Block Rate
62%
Active Block List — MikroTik "Suricata"
47 ACTIVE
| IP Address | Source | Reason | Added | Expires | Origin |
|---|---|---|---|---|---|
Service Status
SELKS / Suricata
eve.json monitoring active
CrowdSec Engine
v1.4.6 — 42 scenarios loaded
MikroTik Router
10.200.122.2 — connected
MikroCata Agent
MikroTik: 0 active blocks
Forwarder Cron
Every 60s — decisions polling
Block Origin Breakdown
Suricata
45%
HTTP
28%
SSH
20%
CAPI
7%
Top Attack Vector
ET SCAN Zmap UA
Signature 2029054 — 23.1k hits
Remediation Thresholds
Severity 1
IMMEDIATE
Severity 2
≥3/h
Severity 3
WHITELIST
Ban Duration
4h
CAPI Sync
ACTIVE
Pipeline Health
● eve.json → suricata-evelogs → crowdsec → mikrocata
All stages nominal
Pipeline Architecture
Suricata (IDS / IPS, eve.json)
→ CrowdSec (Parser + Scenarios, 3 parsed/loop)
→ MikroCata (HTTP :8081, forward-cs.sh)
→ MikroTik (RouterOS API, address-list)
→ Blocked (Firewall Rule, 47 IPs active)