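#!/bin/bash
# Copyright 2014-2022 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.
#
# Regenerate Playbook plays and the ElastAlert rules derived from them.
#
# Usage: <this script> [--force]
#
# Runs once: a state file records a completed regeneration and later
# invocations exit early unless --force is given. The state file is only
# written after every step has succeeded, so a failed run is retried on the
# next invocation instead of being skipped as if it had completed (which
# would leave the ElastAlert rule set stale or empty).

. /usr/sbin/so-common

readonly state_file=/opt/so/state/playbook_regen_plays
readonly rules_dir=/opt/so/rules/elastalert/playbook

# Print a diagnostic to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ ! -f "$state_file" ] || [ "${1:-}" = "--force" ]; then
  echo "Refreshing Sigma & regenerating plays... "

  # Regenerate ElastAlert & update Plays inside the SOCtopus container.
  # Abort before touching the rules on disk if this step fails, so the
  # currently deployed rules stay in place.
  docker exec so-soctopus python3 playbook_play-update.py \
    || die "playbook_play-update.py failed; existing rules left untouched"

  # Delete current ElastAlert rules. -f keeps an empty directory from
  # failing the run; -- protects against rule names starting with '-';
  # :? aborts rather than expanding to "/*.yaml" if the variable is empty.
  rm -f -- "${rules_dir:?}"/*.yaml

  # Regenerate ElastAlert rules from the updated plays.
  so-playbook-sync \
    || die "so-playbook-sync failed; rules not regenerated, state file not written"

  # Record completion only now, so a failed regeneration is retried next time.
  touch "$state_file" || die "cannot write state file $state_file"
else
  printf "\nState file found, exiting...\nRerun with --force to override.\n"
fi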