in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_dummy/module.py [0:0]
def run(self):
    """Build and return the result dict for this (dummy) alarm module.

    Starts from the skeleton produced by ``get_initial_alarm_result()``,
    fills in the module ``info`` and the field list used for reporting,
    then folds every hit yielded by ``self.alarm_dummy()`` into the result,
    attaching a fixed ``{"test": "extra_data"}`` mutation keyed on the
    hit's ``_id``. Returns the populated result dict; the total is the
    number of hits appended.
    """
    result = get_initial_alarm_result()
    result["info"] = info
    # Fields to surface for each hit in the alarm output.
    result["fields"] = [
        "agent.hostname",
        "@timestamp",
        "host.name",
        "user.name",
        "ioc.type",
        "file.name",
        "file.hash.md5",
        "ioc.domain",
        "c2.message",
        "alarm.alarm_filehash",
    ]
    # No grouping for this module.
    result["groupby"] = []

    hits = result["hits"]
    mutations = result["mutations"]
    for hit in self.alarm_dummy():
        hits["hits"].append(hit)
        # Mutation payload is keyed by the hit's document id.
        mutations[hit["_id"]] = {"test": "extra_data"}
        hits["total"] += 1

    self.logger.info(
        "finished running module. result: %s hits", hits["total"]
    )
    self.logger.debug(result)
    return result