IntelProvider is async-first (every concrete provider does HTTP), bounded by a per-provider asyncio.Semaphore, and contractually never raises — errors land in IntelResult.error so a single provider's outage doesn't poison the worker pass for an entire IP. Factory returns a list (not a singleton like geoip) because intel enrichment fans out across all enabled providers per IP, with row-level partial-success handling. Lazy imports keep the module dependency-free when intel is disabled. Concrete providers (greynoise/abuseipdb/feodo/threatfox) land in follow-up commits — factory references them via lazy import so tests covering the disabled and unknown-name paths pass on their own.
11 lines
429 B
Python
"""Threat-intel enrichment subsystem — out-of-band lookups for attacker IPs.

Sibling to :mod:`decnet.geoip` and :mod:`decnet.asn`, but runs as a
separate worker (``decnet enrich``) rather than inline in the profiler:
3rd-party HTTP latency and free-tier rate limits should not block the
profiler tick.

Public surface: :func:`decnet.intel.factory.get_intel_providers` and the
:class:`decnet.intel.base.IntelProvider` ABC.
"""
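Review bot: The "Public surface" paragraph of the package docstring names get_intel_providers and the IntelProvider ABC but does not state the contract the commit message depends on, namely that providers never raise and report failures in IntelResult.error. Add one sentence to that paragraph, or a cross-reference to IntelResult, so code consuming the provider list knows to check the error field for each result instead of wrapping calls in try/except, and so the guarantee is documented next to the entry points and not only in the commit log.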