in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_filehash/module.py [0:0]
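def get_mutations(self, check_results):  # pylint: disable=no-self-use
    """Collect, per file hash, the engine results that raised a new alarm.

    Args:
        check_results: Mapping of engine name to that engine's results. Each
            engine's results map a hash (named ``md5`` in this code) to a
            result entry.

    Returns:
        dict: ``{hash: {engine: entry}}`` containing only entries that are
        dicts whose ``"result"`` equals ``"newAlarm"``. A hash that no engine
        alarmed on is absent, and the dict is empty when nothing alarmed.
    """
    # Alarmed entries grouped by hash, then by the engine that reported them.
    alarmed_hashes = {}
    for engine, engine_results in check_results.items():
        # One engine returning something other than a mapping must not abort
        # the whole run and drop the alarms the other engines did raise.
        # NOTE(review): skipped engines look the same as "no alarm" in the
        # return value; confirm that engine failures are reported elsewhere.
        if not isinstance(engine_results, dict):
            continue
        for md5, entry in engine_results.items():
            # Entries that are not dicts carry no "result" field to inspect.
            if not isinstance(entry, dict):
                continue
            if entry.get("result") == "newAlarm":
                # Merge with what other engines already reported for this hash.
                alarmed_hashes.setdefault(md5, {})[engine] = entry
    return alarmed_hashes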