def run()

in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_httptraffic/module.py [0:0]

• 24 lines of code
• 1 McCabe index (conditional complexity)

    def run(self):
        """Run the alarm module"""
        ret = get_initial_alarm_result()
        ret["info"] = info
        ret["fields"] = [
            "agent.hostname",
            "source.ip",
            "source.cdn.ip",
            "source.geo.country_name",
            "source.as.organization.name",
            "redir.frontend.name",
            "redir.backend.name",
            "infra.attack_scenario",
            "tags",
            "redir.timestamp",
        ]
        ret["groupby"] = ["source.ip"]
        alarmed_ips = self.get_alarmed_ips()
        report = self.alarm_check(alarmed_ips)
        ret["hits"]["hits"] = report
        ret["hits"]["total"] = len(report)
        self.logger.info(
            "finished running module. result: %s hits", ret["hits"]["total"]
        )
        return ret