Fix enrichment: run web-check before AI analysis so data is available

Web-check (ports, DNS, blocklists) now runs as step 3, AI analysis as step 4. AI prompt includes open ports and blocklist status for richer threat verdicts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 03:42:23 -05:00 · 2026-03-26 03:42:23 -05:00 · 51ffd2b82c
commit 51ffd2b82c
parent e816e81820
1 changed files with 13 additions and 12 deletions
--- a/llm_team_ui.py
+++ b/llm_team_ui.py
@ -4056,7 +4056,19 @@ def admin_enrich_ip():
    except Exception:
        pass

-    # Step 3: AI threat analysis with full context (including web-check data)
+    # Step 3: Web-Check deep scan (ports, DNS, blocklists)
+    WEB_CHECK_BASE = "http://localhost:3000/api"
+    webcheck = {}
+    for endpoint in ["ports", "dns", "block-lists"]:
+        try:
+            wc_resp = requests.get(f"{WEB_CHECK_BASE}/{endpoint}?url={ip}", timeout=15)
+            if wc_resp.status_code == 200:
+                webcheck[endpoint.replace("-", "_")] = wc_resp.json()
+        except Exception:
+            pass
+    result["webcheck"] = webcheck
+
+    # Step 4: AI threat analysis with full context (including web-check data)
    try:
        geo_ctx = ""
        if result["geo"] and not result["geo"].get("error"):
@ -4117,17 +4129,6 @@ def admin_enrich_ip():
    except Exception as e:
        result["ai_analysis"] = {"error": str(e)}

-    # Step 4: Web-Check deep scan (ports, DNS, blocklists)
-    WEB_CHECK_BASE = "http://localhost:3000/api"
-    webcheck = {}
-    for endpoint in ["ports", "dns", "block-lists"]:
-        try:
-            wc_resp = requests.get(f"{WEB_CHECK_BASE}/{endpoint}?url={ip}", timeout=15)
-            if wc_resp.status_code == 200:
-                webcheck[endpoint.replace("-", "_")] = wc_resp.json()
-        except Exception:
-            pass
-    result["webcheck"] = webcheck
    result["log_count"] = len(ip_logs)
    return jsonify(result)