This article discusses optimization possibilities for a real-time attacker profiling system that makes use of honeypots. We revisit an already implemented system that aimed to classify attackers according to the patterns of attacks observed in honeypot environments. The architecture of the implemented solution combines the collection of data from deployed honeypots with a classification system that categorizes attackers in real time. The article discusses the following key components of the system: the honeypot network design, central log management through the ELK stack (Elasticsearch, Logstash and Kibana), and a custom-developed data processing module. We present the implemented methodology for identifying and scoring various attack patterns, from simple port scans to more sophisticated intrusion attempts. Optimization possibilities were investigated in order to enhance the capability of the proposed system to profile cyber attackers rapidly and effectively. These involve an assessment of the attack detection algorithms, the scoring system, and the refinement of a more complete attacker classification model. The article concludes with the test results from both a controlled Capture The Flag event and an actual internet-exposed deployment, thus showing how the system performs under different conditions. By proposing such optimizations, we want to improve the effectiveness of the system in promptly providing information about potential threats and in enabling better and more focused response strategies against them in current cybersecurity operations.
Possibilities for Optimization of Real Time Attacker Profiling with Honeypots