diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh
index d09ac70..a115f2f 100755
--- a/modules/security/live-attack-monitor.sh
+++ b/modules/security/live-attack-monitor.sh
@@ -46,6 +46,10 @@ THREAT_THRESHOLD_CRITICAL=80
 THREAT_THRESHOLD_HIGH=60
 THREAT_THRESHOLD_MEDIUM=40
 
+# Display mode (compact by default for small terminals)
+COMPACT_MODE=1
+TERMINAL_HEIGHT=$(tput lines 2>/dev/null || echo "24")
+
 # Temporary files for tracking
 TEMP_DIR="/tmp/live-monitor-$$"
 SNAPSHOT_DIR="/var/lib/server-toolkit/live-monitor"
@@ -1033,7 +1037,11 @@ draw_intelligence_panel() {
     echo "  Blocked/filtered: $blocked_count, Displaying: $displayed_count" >> "$TEMP_DIR/debug.log"
 
     if [ -n "$ip_list" ]; then
-        echo "$ip_list" | sort -t'|' -k1 -rn | head -10 | while IFS='|' read -r score ip hits bot_type attacks ban_count rep_score; do
+        # Show fewer IPs in compact mode
+        local max_ips=10
+        [ "$COMPACT_MODE" -eq 1 ] && max_ips=5
+
+        echo "$ip_list" | sort -t'|' -k1 -rn | head -$max_ips | while IFS='|' read -r score ip hits bot_type attacks ban_count rep_score; do
             # Set defaults for empty values
             score="${score:-0}"
             hits="${hits:-0}"
@@ -1095,6 +1103,9 @@ draw_intelligence_panel() {
 }
 
 draw_attack_breakdown() {
+    # Skip this section entirely in compact mode
+    [ "$COMPACT_MODE" -eq 1 ] && return
+
     echo -e "${MEDIUM_COLOR}┌─ ATTACK VECTORS ───────────────────────────────────────────────────────────┐${NC}"
 
     if [ ${#ATTACK_TYPE_COUNTER[@]} -eq 0 ]; then
@@ -1115,8 +1126,12 @@ draw_attack_breakdown() {
 draw_live_feed() {
     echo -e "${HIGH_COLOR}┌─ LIVE THREAT FEED ─────────────────────────────────────────────────────────┐${NC}"
 
+    # Adaptive line count based on mode
+    local feed_lines=$MAX_DISPLAY_LINES
+    [ "$COMPACT_MODE" -eq 1 ] && feed_lines=8
+
     if [ -f "$TEMP_DIR/recent_events" ] && [ -s "$TEMP_DIR/recent_events" ]; then
-        tail -n "$MAX_DISPLAY_LINES" "$TEMP_DIR/recent_events"
+        tail -n "$feed_lines" "$TEMP_DIR/recent_events"
     else
         echo -e "${LOW_COLOR}  Waiting for events...${NC}"
     fi
@@ -1233,7 +1248,12 @@ draw_quick_actions() {
         echo ""
     fi
 
-    echo -e "${INFO_COLOR}  Keys: 'b' Block | 'c' Security | 's' Stats | 'r' Refresh | 'h' Help | 'q' Quit${NC}"
+    # Show different keys based on mode
+    if [ "$COMPACT_MODE" -eq 1 ]; then
+        echo -e "${INFO_COLOR}  Keys: 'b' Block | 'c' Security | 'v' Verbose | 'r' Refresh | 'q' Quit${NC}"
+    else
+        echo -e "${INFO_COLOR}  Keys: 'b' Block | 'c' Security | 'v' Compact | 's' Stats | 'q' Quit${NC}"
+    fi
 
     echo -e "${MEDIUM_COLOR}└────────────────────────────────────────────────────────────────────────────┘${NC}"
 }
@@ -1753,6 +1773,8 @@ monitor_ssh_attacks() {
                         else
                             attacks="${attacks},BRUTEFORCE"
                         fi
+                        # Update attack type counter for display
+                        ((ATTACK_TYPE_COUNTER["BRUTEFORCE"]++))
                     fi
 
                     # Progressive scoring for bruteforce: Each attempt adds points
@@ -2688,6 +2710,14 @@ while true; do
             # Security hardening menu
             show_security_hardening_menu
             ;;
+        v|V)
+            # Toggle compact/verbose mode
+            if [ "$COMPACT_MODE" -eq 1 ]; then
+                COMPACT_MODE=0
+            else
+                COMPACT_MODE=1
+            fi
+            ;;
         i|I)
             # Show threat intelligence for specific IP
             clear