elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_backendalarm/module.py [39:57]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            "@timestamp",
            "source.ip",
            "http.headers.useragent",
            "source.cdn.ip",
            "redir.frontend.name",
            "redir.backend.name",
            "infra.attack_scenario",
        ]
        # Publish the two field names this module reports under "groupby".
        # NOTE(review): how the consumer of `ret` uses them is not visible in this excerpt.
        ret["groupby"] = ["source.ip", "http.headers.useragent"]
        # Run this module's check; the body of alarm_check is outside this excerpt.
        report = self.alarm_check()
        # Assumes `report` is a mapping with a sized "hits" entry and that
        # ret["hits"] was created as a dict earlier in the method (TODO confirm).
        # If `report` is a plain dict without "hits", this line raises KeyError.
        ret["hits"]["hits"] = report["hits"]
        ret["hits"]["total"] = len(report["hits"])
        # Only the hit count is passed to the logger, as a lazy %-argument.
        # Values carried in the hits (source IP, user agent, ...) are not
        # written to the log by this call.
        self.logger.info(
            "finished running module. result: %s hits", ret["hits"]["total"]
        )
        return ret

    # pylint: disable=no-self-use
    def alarm_check(self):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_useragent/module.py [38:55]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            "@timestamp",
            "source.ip",
            "http.headers.useragent",
            "source.cdn.ip",
            "redir.frontend.name",
            "redir.backend.name",
            "infra.attack_scenario",
        ]
        # "groupby" is set to the source IP and user-agent field names.
        # NOTE(review): the code that reads this key is not part of the excerpt.
        ret["groupby"] = ["source.ip", "http.headers.useragent"]
        # alarm_check supplies the result; only its signature is visible here.
        report = self.alarm_check()
        # Presumably `report` is a dict whose "hits" value supports len(), and
        # ret["hits"] already exists as a dict. Verify against alarm_check and
        # the start of this method. A dict lacking "hits" would raise KeyError.
        ret["hits"]["hits"] = report["hits"]
        ret["hits"]["total"] = len(report["hits"])
        # The log record carries the number of hits only; the hit documents
        # themselves are not interpolated into the message.
        self.logger.info(
            "finished running module. result: %s hits", ret["hits"]["total"]
        )
        return ret

    def alarm_check(self):  # pylint: disable=no-self-use
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



