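#!/bin/bash
# Wazuh integration wrapper for Tracecat.
#
# Called automatically by Wazuh for each alert. The first argument ($1) is the
# path of the alert file; every non-empty line of that file is piped to
# tracecat_forwarder.py on standard input.
# NOTE(review): the forwarder presumably expects one JSON alert per line on
# stdin - confirm against tracecat_forwarder.py.
#
# Exit status: 0 when every line was forwarded successfully, 1 on a missing
# prerequisite or when the forwarder failed for at least one line.

# Proxy settings exported so that child processes (the forwarder) inherit them.
export http_proxy="http://proxy:3128"
export https_proxy="http://proxy:3128"

readonly PYTHON_SCRIPT="/var/ossec/opsky/tracecat/tracecat_forwarder.py"
readonly CONFIG_FILE="/var/ossec/opsky/tracecat/tracecat.conf"
# The forwarder's stdout and stderr are appended here as well.
# NOTE(review): if the forwarder can print request details or credentials on
# error, restrict read access to this file - confirm what it prints.
readonly LOG_FILE="/var/ossec/logs/integrations/tracecat.log"

# ${1:-} keeps a missing argument from expanding to an error; it is validated
# below before use.
readonly INPUT_FILE="${1:-}"

# Append one timestamped ERROR line to the integration log.
log_error() {
  printf '%s - ERROR: %s\n' "$(date)" "$*" >> "$LOG_FILE"
}

if [[ ! -x "$PYTHON_SCRIPT" ]]; then
  log_error "Python script $PYTHON_SCRIPT not found or not executable."
  exit 1
fi

# The config only has to be readable; the previous message wrongly said
# "not executable" and the previous test (-e) let an unreadable file through.
if [[ ! -r "$CONFIG_FILE" ]]; then
  log_error "config file $CONFIG_FILE not found or not readable."
  exit 1
fi

# Without this check a missing argument only surfaced as a shell redirection
# error on stderr, with nothing in the integration log.
if [[ -z "$INPUT_FILE" || ! -r "$INPUT_FILE" ]]; then
  log_error "alert file '$INPUT_FILE' missing or not readable."
  exit 1
fi

echo "$(date):  Envoie d'une alerte à tracecat $1"  >> "$LOG_FILE"

failed=0
# '|| [[ -n "$line" ]]' keeps a final line that has no trailing newline, which
# a plain 'read' loop silently drops.
while IFS= read -r line || [[ -n "$line" ]]; do
  # A blank line is not an alert; do not start the forwarder for it.
  [[ -n "$line" ]] || continue

  # printf instead of echo: the data is passed through unchanged even if it
  # starts with '-' or contains backslashes.
  if ! printf '%s\n' "$line" \
    | python3 "$PYTHON_SCRIPT" --config "$CONFIG_FILE" >> "$LOG_FILE" 2>&1; then
    log_error "forwarder failed for an alert read from $INPUT_FILE"
    failed=1
  fi
done < "$INPUT_FILE"

# Report a failure on any line, not just the last one, so the caller can see
# that an alert was not delivered.
exit "$failed"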
