After processing all objects in an event, certain objects (e.g. misphunter-cert objects) should be blacklisted depending on specific criteria. For example, if a misphunter-cert object only returns one IP in its list of hosts after having searched across all services, it should automatically be blacklisted so it doesn't continue to burn API queries in the future. It's likely in that scenario that the cert was only cut for that specific host.
After processing all objects in an event, certain objects (e.g. misphunter-cert objects) should be blacklisted depending on specific criteria. For example, if a misphunter-cert object only returns one IP in its list of hosts after having searched across all services, it should automatically be blacklisted so it doesn't continue to burn API queries in the future. It's likely in that scenario that the cert was only cut for that specific host.