From 90f915c98918e0ea4190e28e4538e34a921b946e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20St=C3=B6ckl?= Date: Mon, 25 Aug 2025 19:56:38 +0000 Subject: [PATCH] whois_analyzer.py aktualisiert --- whois_analyzer.py | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/whois_analyzer.py b/whois_analyzer.py index 8b7850b..2bb7f39 100644 --- a/whois_analyzer.py +++ b/whois_analyzer.py @@ -34,7 +34,6 @@ class WhoisEnrichmentAnalyzer(interface.BaseAnalyzer): self.timeout = current_app.config.get('WHOIS_TIMEOUT', 10) self.whois_cache: Dict[str, Optional[Dict]] = {} - self.processed_ips: Set[str] = set() def _validate_ip(self, ip_address: str) -> bool: """Validate IP address.""" @@ -168,7 +167,7 @@ class WhoisEnrichmentAnalyzer(interface.BaseAnalyzer): for event in events: events_processed += 1 - # Find first valid IP in this event + # Find first valid IP in this event and enrich it for ip_field in self.IP_FIELDS: ip_value = event.source.get(ip_field) if not ip_value: @@ -183,15 +182,13 @@ class WhoisEnrichmentAnalyzer(interface.BaseAnalyzer): if not self._validate_ip(ip_str): continue - if ip_str not in self.processed_ips: - self.processed_ips.add(ip_str) - - whois_data = self._get_whois_data(ip_str) - - if whois_data: - self._enrich_event(event, ip_field, ip_str, whois_data) - enriched_count += 1 - break + # Process EVERY IP, no duplicate checking + whois_data = self._get_whois_data(ip_str) # Uses cache to avoid duplicate API calls + + if whois_data: + self._enrich_event(event, ip_field, ip_str, whois_data) + enriched_count += 1 + break # Only enrich first valid IP per event # Rate limiting if events_processed % self.batch_size == 0: