① Filter Stale
Remove old CVEs
Remove items outside
lookback window
② Deduplicate
Single-pass O(n)
Match by: CVE, SHA-256,
IP, domain, title
③ Classify
Tag items: ransomware,
apt, zeroday, ics,
transport, rce, etc.
④ Truncate
Cap descriptions
at 300 chars
⑤ Domain Classify
Tag each ref URL
primary / media / other
⑥ Metadata
Build source &
category breakdowns