function EventsSummary()

in ransomware/artifact.lua [2177:2236]


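--- Build a text summary of every tracked process and emit it with the alert flag.
--
-- For each namespace in `globals.namespaces` the summary holds one line per
-- process (PID, optional PPID, event count, score), one line per entry of the
-- process's `children` table, the namespace totals, and the operation tables
-- of every process whose totalScore exceeds 1.0. The text is handed to
-- `lemit` as `raw_data`, with `globals.alertGenerated` as `is_alert`.
--
-- Review notes on this version:
--   * The child line used to concatenate the process table itself. That
--     raises a runtime error as soon as a process has a non-empty `children`
--     table, so `lemit` was never reached and the summary (and its alert
--     flag) was lost for exactly those process trees.
--   * The operations text is now collected per namespace; it used to
--     accumulate across namespaces and was re-emitted under each later one.
--   * An unused probe loop over `renameExtensions` and two unused locals
--     were dropped.
--
-- @treturn boolean always true
function EventsSummary()
    -- Collect fragments and join once instead of growing one string in a loop.
    local lines = {}

    for _, namespace in pairs(globals.namespaces) do
        local pidCount = 0
        local eventCount = 0
        local scoreSum = 0.0
        local operations = {}

        for pid, proc in pairs(namespace.processDataTable) do
            local numEvents = #proc.events

            if utils.TableHasKey(proc, 'parentProcessId') then
                lines[#lines + 1] = '\nPID: ' .. pid .. ' | PPID: ' .. proc.parentProcessId ..
                                        ' | numEvents: ' .. numEvents .. ' | totalScore:' .. proc.totalScore
            else
                lines[#lines + 1] = '\nPID: ' .. pid .. ' | numEvents: ' .. numEvents ..
                                        ' | totalScore:' .. proc.totalScore
            end

            if utils.TableHasKey(proc, 'children') then
                -- NOTE(review): presumably `children` maps child PID -> score,
                -- going by the line's own labels; confirm against the writer.
                -- tostring() keeps the report path from raising if a value is
                -- not a plain number or string.
                for childPid, childScore in pairs(proc.children) do
                    lines[#lines + 1] = '\nCHILD PID: ' .. tostring(childPid) ..
                                            ' | SCORE: ' .. tostring(childScore)
                end
            end

            pidCount = pidCount + 1
            eventCount = eventCount + numEvents
            scoreSum = scoreSum + proc.totalScore

            -- Only processes scoring above 1.0 get their operation tables dumped.
            if 1.0 < proc.totalScore then
                operations[#operations + 1] = '\n' .. utils.PrintOperationTables(proc)
            end
        end

        if 0 < pidCount then
            lines[#lines + 1] = '\nPIDS: ' .. pidCount .. ' EVENTS: ' .. eventCount ..
                                    ' TOTAL TRACE SCORE: ' .. scoreSum
            lines[#lines + 1] = table.concat(operations)
        end
    end

    lines[#lines + 1] = '\n<END>'

    local report = {
        raw_data = table.concat(lines),
        is_alert = globals.alertGenerated,
    }
    lemit(report)
    return true
end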