in ransomware/artifact.lua [538:613]
--- Build and emit a ransomware alert record for one tracked process.
-- Alerts are suppressed (and the function still returns true) when the
-- product cannot be determined, when a diagnostic alert would exceed
-- alert.DIAGNOSTIC_ALERT_CAP, when this process was already diagnostic-alerted,
-- when its activeAnalysis flag is exactly false, or when it was already alerted
-- in this namespace. A queued diagnostic alert bypasses the per-process checks.
--
-- Side effects on alertProcessData: a diagnostic alert clears
-- diagnosticAlertQueued and sets diagnosticAlerted; a real alert sets
-- alerted = true and activeAnalysis = false so the process cannot be alerted
-- on again here. On emit, globals.alertGenerated is set and
-- globals.namespace.totalAlerts is incremented.
--
-- @param alertProcessData per-process analysis state (processId, totalScore, flags)
-- @param isDiagnostic truthy to emit a beta/diagnostic alert instead of a real one
-- @treturn boolean always true, whether or not an alert was emitted
function alert.GenerateAlert(alertProcessData, isDiagnostic)
  local product = utils.GetProduct()
  if product == nil or product == '' then
    utils.DebugLog('Error collecting product information via GetProduct()')
    return true
  end

  -- The cap is compared against every alert emitted in this namespace (see the
  -- increment at the end), not only diagnostic ones.
  if isDiagnostic and globals.namespace.totalAlerts >= alert.DIAGNOSTIC_ALERT_CAP then
    utils.DebugLog('alert.DIAGNOSTIC_ALERT_CAP REACHED! alert will not be generated for PID: ' ..
      alertProcessData.processId)
    return true
  end

  if isDiagnostic and alertProcessData.diagnosticAlertQueued then
    -- A previously queued diagnostic alert is emitted regardless of the
    -- suppression flags below.
    utils.DebugLog('FINALLY generate our DIAGNOSTIC alert!')
    alertProcessData.diagnosticAlertQueued = false
  else
    if isDiagnostic and alertProcessData.diagnosticAlerted then
      utils.DebugLog('PREVIOUSLY DIAGNOSTIC ALERTED ON THIS PROCESS!')
      return true
    end
    -- Only an explicit false counts here; a nil activeAnalysis does not suppress.
    if alertProcessData.activeAnalysis == false then
      utils.DebugLog('Process no longer subject to active analysis')
      return true
    end
    if alertProcessData.alerted == true then
      utils.DebugLog('Previously alerted on this process in this namespace')
      return true
    end
  end

  if alertProcessData.createExtensions ~= nil then
    utils.PrintExtensionTables(alertProcessData)
    utils.PrintOperationTables(alertProcessData)
  end

  local alertRecord = {
    pid = alertProcessData.processId,
    is_alert = true,
    score = alertProcessData.totalScore,
    alert_files = {},
    beta_alert = not not isDiagnostic,
  }

  if isDiagnostic then
    utils.DebugLog('DIAGNOSTIC ALERT: ' .. alertProcessData.processId)
    alertProcessData.diagnosticAlerted = true
  else
    -- Close out analysis so a second real alert for this process is suppressed.
    alertProcessData.activeAnalysis = false
    alertProcessData.alerted = true
  end

  if product == 'endgame' then
    alert.GenerateEndgameAlert(alertRecord, alertProcessData)
  elseif product == 'elastic' then
    alertRecord.canary_alert = alertProcessData.canary_alert
    local children = alertProcessData.child_processes
    if children ~= nil then
      alertRecord.child_processes = children
    end
    alert.GenerateElasticAlert(alertRecord, alertProcessData)
  end
  -- NOTE(review): any other non-empty product string still reaches lemit() with
  -- only the generic fields above; confirm that is intended rather than an
  -- early return.

  lemit(alertRecord)
  globals.alertGenerated = true
  globals.namespace.totalAlerts = globals.namespace.totalAlerts + 1
  utils.DebugLog('namespace.totalAlerts: ' .. globals.namespace.totalAlerts)
  return true
end