def create_logconfig()

in source/lambda/es_loader/index.py [0:0]


def create_logconfig(logtype):
    """Build the typed configuration dict for one log type.

    Every key found in ``etl_config[logtype]`` is read through
    ``get_value_from_etl_config``; keys named in the tables below are
    requested with an explicit type hint ('re', 'int', 'bool' or 'list'),
    every other key is requested without one.

    Args:
        logtype: Section name to look up in the module-level ``etl_config``.

    Returns:
        dict: key -> value as returned by ``get_value_from_etl_config``.
        An empty dict when ``logtype`` is 'unknown' or 'nodata'.

    Raises:
        KeyError: if the resulting dict has no 'file_format' entry, or if
            'file_format' is 'xml' and there is no 'xml_firstline' entry.
    """
    # Keys requested with the 're' hint.
    # NOTE(review): presumably these are regex patterns that decide which
    # S3 keys / log lines get processed, so a wrong pattern could silently
    # drop events — confirm against get_value_from_etl_config and callers.
    regex_keys = (
        's3_key_ignored', 'log_pattern', 'multiline_firstline',
        'xml_firstline', 'file_timestamp_format',
    )
    integer_keys = (
        'max_log_count', 'text_header_line_number',
        'ignore_header_line_number',
    )
    boolean_keys = (
        'via_cwl', 'via_firelens', 'ignore_container_stderr',
        'timestamp_nano',
    )
    list_keys = (
        'base.tags', 'container.image.tag', 'dns.answers',
        'dns.header_flags', 'dns.resolved_ip', 'dns.type',
        'ecs', 'static_ecs',
        'event.category', 'event.type', 'file.attributes',
        'host.ip', 'host.mac', 'observer.ip', 'observer.mac',
        'process.args', 'registry.data.strings',
        'related.hash', 'related.hosts', 'related.ip', 'related.user',
        'renamed_newfields',
        'rule.author', 'threat.tactic.id', 'threat.tactic.name',
        'threat.tactic.reference', 'threat.technique.id',
        'threat.technique.name', 'threat.technique.reference',
        'threat.technique.subtechnique.id',
        'threat.technique.subtechnique.name',
        'threat.technique.subtechnique.reference',
        'tls.client.certificate_chain',
        'tls.client.supported_ciphers',
        'tls.server.certificate_chain',
        'user.roles', 'vulnerability.category',
        # NOTE(review): 'x509.alternative_names' appears twice here;
        # 'x509.subject.common_name' is listed further down but its issuer
        # counterpart is not, so the duplicate may be a typo — confirm
        # before changing, since it would alter how that key is parsed.
        'x509.alternative_names', 'x509.alternative_names',
        'x509.issuer.country', 'x509.issuer.locality',
        'x509.issuer.organization', 'x509.issuer.organizational_unit',
        'x509.issuer.state_or_province', 'x509.subject.common_name',
        'x509.subject.country', 'x509.subject.locality',
        'x509.subject.organization',
        'x509.subject.organizational_unit',
        'x509.subject.state_or_province',
    )

    # Flatten the tables into one key -> type-hint lookup. setdefault keeps
    # the first table that names a key, i.e. re, then int, then bool, then
    # list.
    hint_for_key = {}
    for hint, names in (('re', regex_keys), ('int', integer_keys),
                        ('bool', boolean_keys), ('list', list_keys)):
        for name in names:
            hint_for_key.setdefault(name, hint)

    logconfig = {}
    # These two log types carry no configuration; etl_config is not touched.
    if logtype == 'unknown' or logtype == 'nodata':
        return logconfig

    for key in etl_config[logtype]:
        hint = hint_for_key.get(key)
        if hint is None:
            # Untyped key: let the helper apply its own default handling.
            logconfig[key] = get_value_from_etl_config(logtype, key)
        else:
            logconfig[key] = get_value_from_etl_config(logtype, key, hint)

    # For XML input the multiline start pattern is replaced by the XML one.
    # Both lookups are plain subscripts, so a section lacking either key
    # raises KeyError here.
    if logconfig['file_format'] == 'xml':
        logconfig['multiline_firstline'] = logconfig['xml_firstline']
    return logconfig