From a75c21a0bf858cfabcf4d8b011c3994059d77b8f Mon Sep 17 00:00:00 2001
From: Maxime Killinger
Date: Sat, 3 Jan 2026 10:26:37 +0100
Subject: [PATCH] feat: deduplicate CrowdSec alert scenarios per IP

- Use a set to collect scenarios for each IP address to prevent duplicate entries (e.g., multiple 'http-probing' lists).
- Sort scenarios alphabetically for consistent notification output.
- Improve notification readability by grouping repetitive alerts.
---
 app.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app.py b/app.py
index 42b1687..79163b3 100644
--- a/app.py
+++ b/app.py
@@ -77,8 +77,8 @@ def handle_crowdsec():
 scenario = alert.get("Scenario", "unknown")
 if ip not in ip_groups:
- ip_groups[ip] = {"country": country, "scenarios": []}
- ip_groups[ip]["scenarios"].append(format_scenario(scenario))
+ ip_groups[ip] = {"country": country, "scenarios": set()}
+ ip_groups[ip]["scenarios"].add(format_scenario(scenario))
 # Format message
 num_ips = len(ip_groups)
@@ -89,7 +89,7 @@ def handle_crowdsec():
 whois_link = f"https://who.is/whois-ip/ip-address/{ip}"
 lines.append(f"🚫 {ip} ({country_name})")
 lines.append(f" 🔗 {whois_link}")
-for scenario in data["scenarios"]:
+for scenario in sorted(data["scenarios"]):
 lines.append(f" └ {scenario}")
 lines.append("")
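Review bot: Storing scenarios in a `set()` in the first hunk drops how many times each scenario fired for an IP, and that repetition count is useful triage signal in an alert notification. A `collections.Counter` would keep the deduplicated listing and preserve the volume: `ip_groups[ip] = {"country": country, "scenarios": Counter()}` with `ip_groups[ip]["scenarios"][format_scenario(scenario)] += 1`, and the render loop would then print the count next to each label. Deduplication also runs on the output of `format_scenario`, so two distinct scenario names that format to the same label would merge silently; whether that can happen depends on `format_scenario`, which is outside the hunk. The body of `handle_crowdsec` starts and ends outside the hunk.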
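Review bot: In the second hunk `ip` is interpolated into `whois_link` and into the notification text with no check that it is an IP address. The value is presumably read from the incoming alert payload above the hunk, so a malformed or crafted value would shape the link that recipients click. Parsing it once before grouping, for example `ip = str(ipaddress.ip_address(ip))` inside a `try`/`except ValueError` that skips or labels the entry, would keep the URL and the message well-formed; this needs `import ipaddress` at the top of `app.py`. A short comment above the loop, `# scenarios is a set; sorted() gives stable output order`, would also explain why the `sorted` call is there.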