1# SPDX-FileCopyrightText: 2026 Defensive Lab Agency
2# SPDX-FileContributor: u039b <git@0x39b.fr>
3#
4# SPDX-License-Identifier: GPL-3.0-or-later
5
6import socket
7from functools import lru_cache
8from typing import Union
9
10from mongoose.models import NetworkDPI, NetworkFlow, NetworkAlert
11from mongoose.utils.exceptions import IgnoreCacheException
12
13
[docs]
14class HostnameEnrichment:
[docs]
15 @lru_cache(maxsize=256)
16 def get_hostname(self, ip_address: str):
17 socket.setdefaulttimeout(0.4)
18 try:
19 return socket.gethostbyaddr(ip_address)[0]
20 except socket.error:
21 raise IgnoreCacheException
22
[docs]
23 def enrich_network_event(self, event: Union[NetworkDPI, NetworkFlow, NetworkAlert]):
24 if not hasattr(event, "src_ip") or not hasattr(event, "dst_ip"):
25 return
26
27 event.enrichment["src_hostname"] = ""
28 event.enrichment["dst_hostname"] = ""
29
30 try:
31 event.enrichment["src_hostname"] = self.get_hostname(event.src_ip)
32 except (Exception,):
33 pass
34 try:
35 event.enrichment["dst_hostname"] = self.get_hostname(event.dst_ip)
36 except (Exception,):
37 pass