def run()

in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_filehash/module.py [0:0]

• 23 lines of code
• 1 McCabe index (conditional complexity)

    def run(self):
        """Run the alarm module"""
        ret = get_initial_alarm_result()
        ret["info"] = info
        ret["fields"] = [
            "agent.hostname",
            "@timestamp",
            "host.name",
            "user.name",
            "ioc.type",
            "file.name",
            "file.hash.md5",
            "c2.message",
            "alarm.alarm_filehash",
        ]
        ret["groupby"] = ["file.hash.md5"]
        report = self.alarm_check()
        ret["hits"]["hits"] = report["hits"]
        ret["mutations"] = report["mutations"]
        ret["hits"]["total"] = len(report["hits"])
        self.logger.info(
            "finished running module. result: %s hits", ret["hits"]["total"]
        )
        return ret