def alarm_check()

in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_useragent/module.py [0:0]


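    def alarm_check(self):  # pylint: disable=no-self-use
        """Find traffic to c2* backends whose User-Agent matches a rogue-UA entry.

        Reads ``/etc/redelk/rogue_useragents.conf`` (one entry per line;
        lines starting with ``#`` and blank lines are ignored), builds one
        query string that ORs every entry against ``http.headers.useragent``,
        restricts it to ``redir.backend.name:c2*`` and to documents not yet
        tagged ``alarm_useragent``, and runs it through ``get_query``.

        Returns:
            dict with a single key ``"hits"`` holding what ``get_query``
            returned, or an empty list when the config yields no entries
            (in which case no query is sent at all).

        Raises:
            OSError: if the config file cannot be opened or read.
        """
        file_name = "/etc/redelk/rogue_useragents.conf"
        with open(file_name, encoding="utf-8") as file:
            # Strip before the '#' test so indented comments and
            # whitespace-only lines are dropped as well; previously a blank
            # line slipped through as an empty search term.
            keywords = [
                entry
                for entry in (line.strip() for line in file)
                if entry and not entry.startswith("#")
            ]

        if not keywords:
            # With no entries the old code built ") AND ..." — a malformed
            # query. Nothing to search for, so report no hits.
            # NOTE(review): assumes get_query returns a list — confirm.
            return {"hits": []}

        # Entries are interpolated verbatim, so each one is query syntax:
        # special characters (':', '/', '(' ...) must already be escaped in
        # the config file, and wildcards are honoured as written. The file is
        # operator-maintained, so this is a config-authoring contract rather
        # than an untrusted-input path.
        ua_terms = " OR ".join(
            f"http.headers.useragent:{keyword}" for keyword in keywords
        )
        es_query = (
            f"({ua_terms}) AND redir.backend.name:c2* AND NOT tags:alarm_useragent"
        )

        # get_query is a sibling helper in this module; 10000 caps the hits
        # returned for one run.
        es_results = get_query(es_query, 10000)
        return {"hits": es_results}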