feat: deduplicate CrowdSec alert scenarios per IP

- Use a set to collect scenarios for each IP address to prevent duplicate entries (e.g., multiple 'http-probing' lists).
- Sort scenarios alphabetically for consistent notification output.
- Improve notification readability by grouping repetitive alerts.
2026-01-03 10:26:37 +01:00
parent d180cb700c
commit a75c21a0bf

6
app.py

@@ -77,8 +77,8 @@ def handle_crowdsec():
scenario = alert.get("Scenario", "unknown") scenario = alert.get("Scenario", "unknown")
if ip not in ip_groups: if ip not in ip_groups:
ip_groups[ip] = {"country": country, "scenarios": []} ip_groups[ip] = {"country": country, "scenarios": set()}
ip_groups[ip]["scenarios"].append(format_scenario(scenario)) ip_groups[ip]["scenarios"].add(format_scenario(scenario))
# Format message # Format message
num_ips = len(ip_groups) num_ips = len(ip_groups)
@@ -89,7 +89,7 @@ def handle_crowdsec():
whois_link = f"https://who.is/whois-ip/ip-address/{ip}" whois_link = f"https://who.is/whois-ip/ip-address/{ip}"
lines.append(f"🚫 {ip} ({country_name})") lines.append(f"🚫 {ip} ({country_name})")
lines.append(f" 🔗 {whois_link}") lines.append(f" 🔗 {whois_link}")
for scenario in data["scenarios"]: for scenario in sorted(data["scenarios"]):
lines.append(f"{scenario}") lines.append(f"{scenario}")
lines.append("") lines.append("")
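Review bot: Collapsing the scenarios into a `set()` at the `ip_groups[ip]["scenarios"].add(...)` line discards how many times each scenario fired for an IP, and that repeat count is a triage signal the old output carried implicitly: one hit and dozens of hits now render identically. Keeping a per-scenario count in a plain dict and printing it only when it exceeds one keeps the notification tidy without losing the volume. Separately, `sorted(data["scenarios"])` orders whatever `format_scenario` returns, so if that helper prefixes an icon the order follows the prefix rather than the scenario name; worth confirming, since the helper is not visible here. `handle_crowdsec` starts and ends outside both hunks.

```python
        if ip not in ip_groups:
            ip_groups[ip] = {"country": country, "scenarios": {}}
        label = format_scenario(scenario)
        seen = ip_groups[ip]["scenarios"]
        seen[label] = seen.get(label, 0) + 1
    # … unchanged: message header, per-IP line and whois link …
        for scenario, hits in sorted(data["scenarios"].items()):
            lines.append(f"{scenario}" if hits == 1 else f"{scenario} (x{hits})")
```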