Features

Every major Frabs capability, mapped to the real app.

Frabs is built around the workflows server owners and providers actually need: access visibility, threat scoring, firewall control, hardening, blocked-attack review, and report generation.

Access monitoring

Successful login visibility

Failed attempt tracking

Active session review

Per-IP login history

Blacklist and quick block actions

Threat detection

Bruteforce and distributed SSH detection

Port scan and distributed scan detection

Connection flood and anomaly tracking

Repeat offender scoring

Threat overview timeseries and live updates

Protection and response

UFW firewall control

Blocked IP review and removal

SSH rate limiting

Per-threat action settings

Mitigation lifecycle visibility

Hardening and reporting

SSH configuration management

Fail2Ban controls

Update and access posture review

Threat report pages

Branded PDF export

Threats and scoring

Detection quality matters when customers trust the result.

Frabs scores threat incidents with deterministic logic, baseline awareness, explainability, and action policy controls. That lets customers understand what was detected, why it mattered, and what Frabs did next.

Threat score demo

Explainable attack scoring in one place

Frabs scores server-side attacks using rate, spread, repeat history, and baseline deviation. Customers can see why a threat moved from visible activity to action-worthy risk.

Live score

Critical

Failed SSH attempts: 28

Unique source IPs: 5

Repeat offender previously blocked

Failed attempt density+32

Source spread+15

Repeat offender history+18

Baseline deviation+16

Threats

Detection, scoring, mitigation, reports

Severity

Critical

Score

82/100

Confidence

High

SSH Bruteforce

203.0.113.14 · explainable scoring · action trace

82Blocked

Port Scan

198.51.100.42 · explainable scoring · action trace

68Watching

Connection Flood

192.0.2.77 · explainable scoring · action trace

75Rate limited

Logins

Successful access, active sessions, failed attempts

root

203.0.113.14 · SSH key

Success

deploy

198.51.100.21 · Password

Failed

ops

192.0.2.55 · SSH key

Active session

IP view

Full access history from one source

Successful logins

Failed attempts

Blocked status

Related sessions

Firewall

UFW control, blocked IPs, safe presets

Protection

Enabled · UFW

Live

Incoming policyDeny

SSH rate limitingOn

Blocked IPs18

Active rules26

Allow TCP 22

Inbound · Anywhere

Allow

Allow TCP 443

Inbound · Anywhere

Allow

Limit TCP 22

Inbound · Anywhere

Limit

Hardening

SSH, Fail2Ban, access, update posture

SSH controls

Server access settings

Port2222

Password authOff

Pubkey authOn

Max auth tries3

Security stack

Fail2Ban and update posture

Fail2Ban jail settings

Security recommendations

Update visibility

Access posture review

Baseline learning

Normal server behavior vs attack pressure

Frabs learns normal failed-login rates, connection pressure, and source patterns per server. That baseline strengthens detection quality without sacrificing day-one hard-threshold protection.

Baseline

Live activity

3.0x above normal peak

Baseline learning

Day-one thresholds, then smarter server-specific context.

Frabs detects attacks immediately with fixed hard limits, then improves the intelligence layer with server-specific baseline learning. That reduces false positives while preserving early protection.

Hard limits for new servers

Adaptive baseline confidence as snapshots accumulate

Positive and negative scoring factors to reduce noise

Action and alert thresholds tied to one shared severity model

Multi-server operations

One Frabs workspace can cover direct teams, providers, and customer fleets.

Move from a single server to a wider estate without changing the operating model. Threats, logins, firewall state, hardening, and reports stay consistent across every connected machine.

Multi-server view

Teams, providers, resellers

Web Node EU-1

3 active threats · Fresh heartbeat

Protected

DB Cluster US-2

1 critical event · Rate limiting active

Watching

Client VPS NL-7

0 active threats · Reseller view

Protected

Explore the product

Switch through the product areas in one view.

Dashboard Overview

Multi-server command center

OverviewLive

ThreatsReady

TrafficReady

LoginsReady

FirewallReady

HardeningReady

Active Threats

Blocked

Servers

Protection

High

Recent threat activity

Attack pressure vs baseline

Live

View pricing Read setup docs