- Why can there be only one risk type per IP? What if an IP is a honeypot and botnet? It would make sense to me to have a list of threats or a different value for each.
- Why is the threat level a string? Is it meant to be compared for equality only?
Also your docs need a lot of work. I would like to know specifically what threat types there are currently, what their slug is and what specifically they mean.
Thanks for the feedback, completely agreed. We are redoing the entire docs page to give more info on all responses plus some other generic stuff/updates.
Regarding only one risk type per IP: we set the severity to the max level logged in our system. If it's a 3, 4 and 5 based on attack type, frequency of attack, method of collection, etc., it'll be the highest severity logged. We might look at integrating this differently in v2.