What's Next for SikkerGuard — A Dashboard, Setup Wizard, and Multi-Source Threat Aggregation
When we shipped SikkerGuard, the pitch was simple: one Docker container, one API key, zero maintenance. Pull a threat-scored blacklist from SikkerAPI, block malicious IPs at the kernel level, report what gets blocked, repeat. It works. Thousands of IPs blocked daily with no scripts to maintain.
Now we're taking it further.
SikkerGuard Is Getting a Dashboard
We're building a local web dashboard that ships inside the same Docker container. No separate service, no external dependency. SikkerGuard starts its web UI on a local port, you open it in your browser, and you see everything — live.

The dashboard shows what matters at a glance: how many IPs are blocked, which protocols are getting hit, where the threat data is coming from, and a live firewall log that streams blocked connections as they happen. No refreshing, no log tailing.
The design follows the same UI system as all of SikkerAPI, consistent across the website, dashboard, documentation, and now SikkerGuard.
Setup Without Editing Config Files
Right now, setting up SikkerGuard means creating a .env file with your API key, score threshold, pull interval, whitelist, port mappings, and reporting preferences. It's documented, but it's still a config file.
The new version ships with a first-run setup wizard. On first launch, SikkerGuard detects that it hasn't been configured yet and presents a setup page instead of the dashboard:

Create a dashboard username and password, paste your SikkerAPI key, and you're done. SikkerGuard stores the configuration in a local SQLite database. No more restarting the container to change settings. Update your score threshold, toggle reporting, add whitelist entries, all from the browser, applied immediately.
The .env approach still works for users who prefer it. The dashboard is an addition, not a replacement.
Multi-Source Threat Aggregation
This is the bigger change.
SikkerGuard currently pulls from one source: SikkerAPI's blacklist. That's our own threat intelligence: dozens of honeypots across the world and community reports from Fail2Ban and CSF integrations, all scored by confidence level.
But SikkerAPI isn't the only threat intelligence source worth blocking. AbuseIPDB maintains a massive community-reported abuse database. Blocklist.de aggregates fail2ban reports from thousands of servers. You might have your own internal blacklist of IPs you've observed targeting your infrastructure.
We're building SikkerGuard to aggregate all of these into a single unified blocklist.
The architecture works like this: each source is a separate integration that SikkerGuard pulls from on its own schedule. SikkerAPI remains the primary, first-class source; it's what SikkerGuard was built for. But you'll be able to enable additional sources from the dashboard, provide their API keys where needed, and SikkerGuard handles the rest: fetching, deduplication, merging, and applying the combined blocklist to your firewall.
When IPs appear in multiple sources, SikkerGuard tracks the overlap. An IP flagged by both SikkerAPI and AbuseIPDB and your custom blacklist is a stronger signal than an IP from a single source. The dashboard shows exactly where each blocked IP came from and how many sources agree.
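The merge-and-overlap step described above can be sketched as follows. This is an added example, not SikkerGuard's own code: the function names are hypothetical, the source names are used only as labels, each feed is assumed to arrive as one IP per line, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample feeds (documentation-range addresses, not real indicators).
SAMPLE_FEEDS = {
    "sikkerapi": ["203.0.113.7", "198.51.100.23", "2001:db8::1"],
    "abuseipdb": ["203.0.113.7", "198.51.100.23 ", "# comment", "not-an-ip"],
    "custom": ["203.0.113.7", "2001:0db8:0000:0000:0000:0000:0000:0001", "192.0.2.10"],
}
SAMPLE_WHITELIST = ["192.0.2.0/24"]  # constructed; whitelist entries may be CIDR ranges


def parse_entry(line):
    """Return a normalised ip_address, or None for blanks, comments and junk."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    try:
        # Parsing normalises spelling, so expanded and compressed IPv6 forms match.
        return ipaddress.ip_address(text)
    except ValueError:
        return None  # never let a malformed feed line reach the firewall


def aggregate(feeds, whitelist=()):
    """Merge feeds into {ip: set(source names)}, dropping whitelisted IPs."""
    allowed = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    merged = defaultdict(set)
    for source, lines in feeds.items():
        for line in lines:
            ip = parse_entry(line)
            if ip is None:
                continue
            if any(ip.version == net.version and ip in net for net in allowed):
                continue  # the whitelist wins over every feed
            merged[ip].add(source)  # the set deduplicates repeats within a source
    return dict(merged)


def ranked(merged):
    """Blocklist rows ordered by how many sources agree (strongest first)."""
    rows = [(str(ip), sorted(srcs)) for ip, srcs in merged.items()]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))


if __name__ == "__main__":
    for ip, sources in ranked(aggregate(SAMPLE_FEEDS, SAMPLE_WHITELIST)):
        print(f"{ip:<20} {len(sources)} source(s): {', '.join(sources)}")
```

Applying the whitelist after normalisation, and before anything is handed to the firewall, keeps a single noisy feed from blocking an address you have explicitly allowed.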
SikkerAPI is still the engine. The confidence scoring, the reputation lookups, the bulk reporting feedback loop, that's all SikkerAPI. Multi-source aggregation means SikkerGuard can complement our intelligence with other feeds, not replace it.
What This Means Practically
If you're running SikkerGuard today, nothing changes until the update ships. When it does:
- Existing deployments keep working. The .env configuration is still supported. The update is backwards compatible.
- Dashboard is optional. If you never open the web UI, SikkerGuard still blocks IPs exactly as it does now.
- Multi-source is opt-in. SikkerAPI remains the default and only source unless you explicitly add others.
- Same container. No new services to run, no additional Docker setup.
For new users, the setup wizard makes the initial configuration simpler. For existing users, the dashboard gives you visibility that previously required shell access. For power users, multi-source aggregation lets you combine threat feeds without writing your own merging logic.
Timeline
We're building this now. The setup wizard and dashboard are in active development: the UI is built, the data layer is in place, and we're wiring the backend API endpoints that connect them. Multi-source integrations come after the dashboard ships.
No specific release date yet. When it's ready, existing SikkerGuard containers will pick up the update automatically on their next pull.
If you're not running SikkerGuard yet, the current version is fully production-ready and works on the free SikkerAPI plan. The setup takes 60 seconds: SikkerGuard setup guide.