#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Part of RedELK

This alarm always triggers. Only use for testing purposes.

Authors:
- Lorenzo Bernardi (@fastlorenzo)
"""
import logging
from modules.helpers import get_initial_alarm_result, get_query

# Static metadata for this alarm module. Module.run() attaches this dict to its
# result under "info", and Module.__init__() names the logger after
# "submodule". "alarmmsg" is a fixed test message, so an alarm carrying it
# can be recognised as coming from this dummy module rather than a real check.
info = dict(
    version=0.1,
    name="dummy alarm",
    alarmmsg="ALARM GENERATED BY DUMMY",
    description="This alarm always triggers. Only use for testing purposes.",
    type="redelk_alarm",
    submodule="alarm_dummy",
)


class Module:
    """Dummy alarm module, meant for testing the alarm pipeline only.

    Each run queries ``rtops-*`` for IOC log entries that carry no ``alarm_*``
    tag and reports whatever the query returns as alarm hits. When the query
    returns nothing, no hit is added by this module.

    NOTE(review): the query filters on ``NOT tags:alarm_*``. Presumably the
    surrounding framework tags reported documents; if so, an IOC reported by
    this dummy may stop matching other checks that use the same filter.
    Confirm against the tagging code before enabling it outside a test setup.
    """

    def __init__(self):
        # One logger per submodule, named from the module metadata.
        self.logger = logging.getLogger(info["submodule"])

    def run(self):
        """Run the alarm module.

        Returns:
            The structure from ``get_initial_alarm_result()`` with ``info``,
            ``fields`` and ``groupby`` set, every query result appended to
            ``hits.hits`` (``hits.total`` incremented per result), and one
            ``mutations`` entry per result keyed by the document ``_id``.
        """
        report = get_initial_alarm_result()
        report["info"] = info
        # Document fields listed for this alarm's output.
        report["fields"] = [
            "agent.hostname",
            "@timestamp",
            "host.name",
            "user.name",
            "ioc.type",
            "file.name",
            "file.hash.md5",
            "ioc.domain",
            "c2.message",
            "alarm.alarm_filehash",
        ]
        report["groupby"] = []

        matches = self.alarm_dummy()
        hits = report["hits"]
        for doc in matches:
            hits["hits"].append(doc)
            # Placeholder payload: exercises the mutation path with test data.
            # How mutations are applied is decided by the caller (not shown here).
            report["mutations"][doc["_id"]] = {"test": "extra_data"}
            hits["total"] += 1

        self.logger.info(
            "finished running module. result: %s hits", hits["total"]
        )
        # DEBUG output contains the complete result, matched documents included;
        # treat debug logs of this module as sensitive as the indexed data.
        self.logger.debug(report)
        return report

    def alarm_dummy(self):
        """Return IOC entries from ``rtops-*`` that have no ``alarm_*`` tag.

        The second argument to ``get_query`` is 1; presumably this limits the
        result to a single document (verify against ``get_query``). Which
        document is returned depends on ``get_query``'s ordering, which is not
        visible here.
        """
        found = get_query(
            "c2.log.type:ioc AND NOT tags:alarm_*", 1, index="rtops-*"
        )
        self.logger.debug(found)

        return found
