in ransomware/artifact.lua [3629:3664]
--- Append the scored children of a process to an alert's child-process list.
-- Walks the keys of `parentProcessData.children`, resolves each key through
-- `self.processDataTable`, and for every record that exists and whose
-- `totalScore` is not 0.0 appends a `{ pid, score, alert_files }` entry to
-- `ransomwareChildProcesses`. At most `globals.MAX_CHILD_PROCESSES` entries
-- are appended per call.
-- @param parentProcessData process record whose `children` table is walked; may be nil
-- @param ransomwareChildProcesses array that receives the entries (mutated in place)
-- @return false when `parentProcessData` is nil, true otherwise (including
--   when no child qualified or the cap cut the walk short)
function Ransomware:AppendChildProcesses(parentProcessData, ransomwareChildProcesses)
  if parentProcessData == nil then
    return false
  end

  -- NOTE(review): assumes `children` is always a table; `pairs` raises on nil.
  -- Confirm against the code that builds process records.
  local appended = 0
  for childKey in pairs(parentProcessData.children) do
    -- The cap is applied silently: nothing here records that the list was
    -- truncated. Because `pairs` order is unspecified, which children make
    -- it into the alert once the cap is hit is arbitrary, not score-ranked.
    if appended >= globals.MAX_CHILD_PROCESSES then
      break
    end

    local child = self.processDataTable[childKey]
    -- Children with no tracked record, or with a score of exactly 0.0, are
    -- skipped and do not count toward the cap.
    if child ~= nil and child.totalScore ~= 0.0 then
      local entry = {
        pid = child.processId,
        score = child.totalScore,
        alert_files = {},
      }
      -- Presumably fills in alert fields such as `alert_files` from the
      -- child's record; confirm in alert.GenerateElasticAlert.
      alert.GenerateElasticAlert(entry, child)
      table.insert(ransomwareChildProcesses, entry)
      appended = appended + 1
    end
  end

  return true
end