#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Part of RedELK

This alarm always triggers. It lists the last 2 redirtraffic lines as hit

Authors:
- Outflank B.V. / Mark Bergman (@xychix)
- Lorenzo Bernardi (@fastlorenzo)
"""
import logging

from modules.helpers import get_hits_count, get_initial_alarm_result, get_query

info = {
    "version": 0.1,
    "name": "lastline alarm module",
    "alarmmsg": "ALARM GENERATED BY LASTLINE",
    "description": "This alarm always triggers. It lists the last 2 redirtraffic lines as hit",
    "type": "redelk_alarm-NOTINUSE",
    "submodule": "alarm_lastline",
}


class Module:
    """lastline alarm module"""

    def __init__(self):
        self.logger = logging.getLogger(info["submodule"])

    def run(self):
        """Run the alarm module"""
        ret = get_initial_alarm_result()
        ret["info"] = info
        ret["fields"] = [
            "source.ip",
            "source.cdn.ip",
            "source.geo.country_name",
            "source.as.organization.name",
            "redir.frontend.name",
            "redir.backend.name",
            "infra.attack_scenario",
            "tags",
            "redir.timestamp",
        ]
        ret["groupby"] = ["source.ip"]
        report = self.alarm_check()
        ret["hits"]["hits"] = report["hits"]
        ret["hits"]["total"] = len(report["hits"])
        self.logger.info(
            "finished running module. result: %s hits", ret["hits"]["total"]
        )
        return ret

    # pylint: disable=no-self-use
    def alarm_check(self):
        """This check queries for IP's that aren't listed in any iplist* but do talk to c2* paths on redirectors"""
        es_query = "*"
        i = get_hits_count(es_query)
        i = min(i, 10000)
        es_result = get_query(es_query, i)
        report = {}
        report["hits"] = []
        report["hits"].append(es_result[0])
        report["hits"].append(es_result[1])
        return report