Add IP reputation tracking for ET Open detections + historical analyzer to menu

IP Reputation Tracking:
- ET attack scores now properly boost IP threat scores
- When ET detects attack (score 85-100), adds to IP's cumulative score
- Example: IP at score 50 + ET attack 95 = total 100 (capped)
- Tracks across multiple requests from same IP
- Higher scores = faster blocking/banning

How it works:
1. ET detection runs: analyze_http_log_line() returns score
2. Score added to IP's existing threat score in IP_DATA array
3. Display shows boosted score
4. Auto-block triggers at combined score ≥90

Menu Integration:
- Added option 15 to Security menu
- 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)
- Launches: tools/analyze-historical-attacks.sh
- Features:
  - Scan last 7/30/custom days
  - Analyze specific log files
  - Generate comprehensive reports
  - Top attackers, signatures, attack types
  - Supports compressed logs (gzip, bzip2)

Testing:
- Syntax validated
- Tracking logic verified (50 + 95 = 100)
- Menu navigation works
- Historical analyzer accessible

Now when IPs attack repeatedly:
- First attack: Score increases by attack severity
- Subsequent attacks: Scores accumulate
- Persistent attackers: Reach blocking threshold faster
- Dashboard shows current cumulative score
cschantz
2025-12-13 02:21:28 -05:00
parent dd163f6db1
commit 59f634fb1a
2 changed files with 17 additions and 1 deletions
+5
@@ -141,6 +141,10 @@ show_security_menu() {
echo -e " ${YELLOW}13)${NC} 🔒 Enable cPHulk Protection - Brute force protection" echo -e " ${YELLOW}13)${NC} 🔒 Enable cPHulk Protection - Brute force protection"
echo -e " ${YELLOW}14)${NC} ⚙️ Optimize CT_LIMIT - Connection tracking tuning" echo -e " ${YELLOW}14)${NC} ⚙️ Optimize CT_LIMIT - Connection tracking tuning"
echo "" echo ""
echo -e "${BOLD}Analysis Tools:${NC}"
echo ""
echo -e " ${GREEN}15)${NC} 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)"
echo ""
echo -e " ${RED}0)${NC} Back to Main Menu" echo -e " ${RED}0)${NC} Back to Main Menu"
echo "" echo ""
echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}" echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
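Review bot: the new option 15 line uses ${GREEN} while every other numbered option in this menu (13, 14 and those above) uses ${YELLOW}; unless green is meant to mark the new "Analysis Tools" group, switch it to ${YELLOW} so the menu stays visually consistent.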
@@ -167,6 +171,7 @@ handle_security_menu() {
12) run_module "security" "tail-secure-log.sh" ;; 12) run_module "security" "tail-secure-log.sh" ;;
13) run_module "security" "enable-cphulk.sh" ;; 13) run_module "security" "enable-cphulk.sh" ;;
14) run_module "security" "optimize-ct-limit.sh" ;; 14) run_module "security" "optimize-ct-limit.sh" ;;
15) bash "$SCRIPT_DIR/tools/analyze-historical-attacks.sh" ;;
0) return ;; 0) return ;;
*) echo -e "${RED}Invalid option${NC}"; sleep 1 ;; *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
esac esac
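Review bot: option 15 runs `bash "$SCRIPT_DIR/tools/analyze-historical-attacks.sh"` directly instead of going through run_module like options 12 to 14, so it skips whatever run_module does and there is no check that the file exists; this commit's two changed files do not include that script, so if it is not already in the tree the menu just prints a bash "No such file" error. Either route it through run_module or guard it, e.g. `[ -f "$SCRIPT_DIR/tools/analyze-historical-attacks.sh" ] || { echo -e "${RED}Analyzer not found${NC}"; return; }`.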
+12 -1
@@ -1720,9 +1720,20 @@ monitor_apache_logs() {
temp="${temp#*||}" temp="${temp#*||}"
et_signatures="${temp%%||*}" et_signatures="${temp%%||*}"
# Record attack with higher score # Update IP intelligence with ET attack info
update_ip_intelligence "$ip" "$url|ET:$et_attack_types|$et_signatures" "attack" "HTTP" update_ip_intelligence "$ip" "$url|ET:$et_attack_types|$et_signatures" "attack" "HTTP"
# Boost IP threat score based on ET detection
local current_intel=$(get_ip_intelligence "$ip")
IFS='|' read -r curr_score curr_hits curr_bot curr_attacks curr_ban curr_rep <<< "$current_intel"
# Add ET attack score to IP's total score
local new_score=$((curr_score + et_attack_score))
[ "$new_score" -gt 100 ] && new_score=100
# Update IP data with boosted score
IP_DATA[$ip]="$new_score|$curr_hits|$curr_bot|$curr_attacks|$curr_ban|$curr_rep"
# Check rate anomaly # Check rate anomaly
if type record_request &>/dev/null && type detect_rate_anomaly &>/dev/null; then if type record_request &>/dev/null && type detect_rate_anomaly &>/dev/null; then
record_request "$ip" record_request "$ip"
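Review bot: the boost block reads the intelligence record, adds et_attack_score and writes IP_DATA[$ip] directly, which duplicates the six-field "score|hits|bot|attacks|ban|rep" layout that update_ip_intelligence owns and bypasses that function; the comment being replaced ("Record attack with higher score") suggests the preceding "attack" call already raises the score, so confirm the ET score is not counted twice per request. Also curr_score and et_attack_score go unchecked into `$((curr_score + et_attack_score))`: if get_ip_intelligence returns an empty or non-numeric field, or et_attack_score is unset (it is not assigned in the visible lines), the arithmetic yields a wrong value or aborts, and `[ "$new_score" -gt 100 ]` then errors on a non-integer. Default with `${curr_score:-0}` and `${et_attack_score:-0}` and validate both as integers before the cap, and split `local current_intel=$(...)` into declaration and assignment so the command's exit status is not masked.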