def build_report()

in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/alarm_filehash/module.py [0:0]


    def build_report(self, md5_dict, alarmed_hashes):
        """Assemble the alarm report from the hash lookup results.

        Args:
            md5_dict: Mapping of md5 hash -> iterable of related ES documents
                (each document is indexed by ``"_id"`` here).
            alarmed_hashes: Mapping of md5 hash -> value stored as the
                mutation for every document carrying that hash.

        Returns:
            A dict with two keys: ``"mutations"`` (document ``_id`` ->
            ``alarmed_hashes[md5]``) and ``"hits"`` (the list of documents
            whose hash is present in ``alarmed_hashes``).

        Documents whose hash is not alarmed are left out of the report; they
        are only passed to ``add_alarm_data`` as a side effect.
        """
        mutations = {}
        hits = []

        for md5, related_docs in md5_dict.items():
            for ioc in related_docs:
                if md5 not in alarmed_hashes:
                    # No engine flagged this hash: the document is not reported,
                    # only handed to add_alarm_data (per the original comment this
                    # updates its last_checked date).
                    self.logger.debug(
                        "md5 hash not alarmed, updating last_checked date: [%s]", md5
                    )
                    # NOTE(review): `info` and `add_alarm_data` are not defined in
                    # this method; presumably module-level names. Confirm, as a
                    # missing name would only surface on the first clean hash.
                    add_alarm_data(ioc, {}, info["submodule"], False)
                    continue

                # The hash was flagged: record the verdict against the document id
                # and keep the full document as a hit.
                mutations[ioc["_id"]] = alarmed_hashes[md5]
                hits.append(ioc)

        return {"mutations": mutations, "hits": hits}