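import json
import logging
import re
import sys
from datetime import datetime

import alert
import iris_api

# Wazuh integration scripts append to the shared integrations log.  The API key
# received on argv[2] is deliberately never written to it.
logging.basicConfig(
    filename='/var/ossec/logs/integrations.log',
    level=logging.INFO,
    format='%(asctime)s %(levelname)s: %(message)s',
    datefmt='%Y-%m-%d %H:%M:%S',
)


def _read_alert(alert_file):
    """Load and return the JSON document stored at *alert_file*.

    Logs and exits the process with status 1 when the file cannot be opened
    or does not contain valid JSON; any other exception propagates so it is
    not hidden behind a generic "failed to read" message.
    """
    try:
        with open(alert_file) as f:
            return json.load(f)
    except (OSError, ValueError) as e:  # json.JSONDecodeError is a ValueError
        logging.error("Failed to read alert file %s: %s", alert_file, e)
        sys.exit(1)


def _case_matches_ip(case, ip):
    """Return True when *ip* occurs as a whole address token in the case name.

    A plain substring test lets 10.0.0.1 match a case named after 10.0.0.100
    (or ::1 match ::10), which would merge an alert into the wrong case.  The
    lookbehind/lookahead reject an adjacent address character (hex digit, dot
    or colon) on either side.  A case with no name never matches.
    """
    case_name = case.get("case_name") or ""
    pattern = rf"(?<![0-9a-fA-F.:]){re.escape(ip)}(?![0-9a-fA-F.:])"
    return re.search(pattern, case_name) is not None


def _find_case_for_ip(cases, ip):
    """Return the last case in *cases* whose name contains *ip*, else None.

    Later entries win when several cases name the same address; callers that
    need a different tie-break should sort *cases* first.
    """
    match = None
    for case in cases:
        if _case_matches_ip(case, ip):
            match = case
    return match


def _ioc_uuids(alert_result):
    """Return the ``ioc_uuid`` of every IOC in *alert_result* ("N/A" if absent).

    A missing or null ``iocs`` entry yields an empty list.
    """
    return [ioc.get("ioc_uuid", "N/A") for ioc in alert_result.get("iocs") or []]


def main():
    """Entry point: forward a Wazuh alert to IRIS and attach it to a case.

    Expects ``argv[1]`` = path to the alert JSON, ``argv[2]`` = IRIS API key,
    ``argv[3]`` = IRIS hook URL (the standard Wazuh integration arguments).
    An existing case whose name carries the alert's source IP receives the
    alert (with its IOC UUIDs); otherwise a new case is opened for that IP.
    Exits with status 1 on missing arguments, an unreadable alert file, or an
    alert with no source IP to correlate on.
    """
    if len(sys.argv) < 4:
        logging.error("Insufficient arguments provided. Exiting.")
        sys.exit(1)
    alert_file, api_key, hook_url = sys.argv[1:4]

    alert_json = _read_alert(alert_file)

    client = iris_api.IrisClient(hook_url, api_key)
    # NOTE(review): the processed alert is assumed to expose to_IRIS(), srcip
    # and title — confirm against alert.AlertProcessor.process.
    formatted_alert = alert.AlertProcessor().process(alert_json)
    alert_result = client.alert(formatted_alert.to_IRIS())

    src_ip = formatted_alert.srcip
    if not src_ip:
        # Without a source IP there is nothing to correlate cases on, and an
        # empty pattern would match every case.
        logging.error("Alert has no source IP; cannot correlate to a case.")
        sys.exit(1)

    match = _find_case_for_ip(client.cases_list(), src_ip)
    if match is None:
        client.case_new(src_ip, formatted_alert.title)
    else:
        client.merge_alert_to_case(
            alert_result.get("alert_id", -1),
            match.get("case_id", -1),
            _ioc_uuids(alert_result),
        )


if __name__ == "__main__":
    main()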