# Procedure inputs handed to the script by the RMM runner. `itsm` is not
# imported anywhere in this file, so it is presumably injected into the
# script's globals by the agent before execution.
apikey, domain, email = (
    itsm.getParameter(name) for name in ('Api_Key', 'Domain_Name', 'From_Email')
)


import urllib2
import json
import os
import ctypes
import sys
from datetime import datetime, timedelta
import socket

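class disable_file_system_redirection:
    """Context manager that switches off WOW64 file-system redirection.

    While the ``with`` block runs, a 32-bit process sees the native
    ``System32`` directory instead of ``SysWOW64``; presumably the agent runs
    32-bit Python and needs the native command-line tools used below.
    Windows-only: the ``kernel32`` lookups are resolved when the class is
    defined and raise ``AttributeError`` on any other platform.
    """
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        # The API returns an opaque token through the out-parameter; it has
        # to be handed back to the revert call, so keep it on the instance.
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
        return self  # allows "with disable_file_system_redirection() as fsr:"

    def __exit__(self, exc_type, exc_value, exc_tb):
        # Revert only if the disable call reported success. Returning None
        # lets any exception raised in the with-body propagate unchanged.
        if self.success:
            self._revert(self.old_value)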

def alert(arg):
    """Write the alert marker for the RMM runner: *arg* as an integer, three times.

    Nothing goes to stdout; the marker (e.g. ``111`` or ``000``) is written to
    stderr, presumably where the procedure runner looks for it.
    """
    marker = "".join("%d" % arg for _ in range(3))
    sys.stderr.write(marker)

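def sd(message, email, apikey, domain, timeout=30):
    """Open a ServiceDesk ticket whose description is *message*, then emit the alert marker.

    Args:
        message: Free-text ticket description.
        email: Requester address, sent as the ticket's ``email`` field.
        apikey: Sent verbatim as the ``Authorization`` header; treat as a
            secret. Because it travels in a header, *domain* should be an
            ``https://`` URL or the key is exposed on the wire.
        domain: Base URL of the ServiceDesk instance (no trailing slash).
        timeout: Socket timeout in seconds for the HTTP call, so an
            unreachable or stalled server cannot hang the procedure.

    Raises:
        urllib2.URLError (incl. HTTPError): connection or HTTP-level failure.
        ValueError: response body is not JSON.

    Side effects: prints the outcome to stdout; calls ``alert(1)`` when the
    API reports ``SUCCESS`` and ``alert(0)`` for any other response.
    """
    payload = {
        "email": email,
        "summary": "Critical Events Detected!!!",
        "description": message,
        # Fixed classification ids; their meaning is ServiceDesk-specific.
        "assetType": "2",
        "helpTopic": "1",
        "ticketCategory": "1",
        "category": "1",
    }
    url = "%s/clientapi/index.php?serviceName=createticket" % (domain)
    headers = {
        "Content-Type": "application/json",
        "Authorization": "%s" % (apikey),
    }

    request = urllib2.Request(url, json.dumps(payload), headers)
    response = urllib2.urlopen(request, timeout=timeout)
    try:
        body = response.read()
    finally:
        response.close()  # urllib2 responses are not context managers on py2
    response_data = json.loads(body)

    # .get(): a body without "status" is reported as a failure instead of
    # dying with a KeyError traceback.
    if response_data.get("status") == "SUCCESS":
        print("Successfully created Ticket")
        print("Ticket ID: %s" % (response_data["data"]["ticketId"]))
        alert(1)
    else:
        print("Failed to create ticket")
        print(response_data)
        alert(0)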

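# Host identity for the ticket text. COMPUTERNAME is always set on Windows;
# the hostname fallback only matters when the script runs elsewhere.
devicename = os.environ.get('COMPUTERNAME') or socket.gethostname()
ip = socket.gethostbyname(socket.gethostname())

# TimeCreated/@SystemTime in the event XML is stored in UTC, so the query
# window must be built from UTC as well: local time would shift the window by
# the machine's UTC offset and count the wrong five minutes. Take "now" once
# so both ends of the window come from the same instant.
_now_utc = datetime.utcnow()
_TIME_FMT = r"%Y-%m-%dT%H:%M:%S"
cdt = _now_utc.strftime(_TIME_FMT)
past_dt = (_now_utc - timedelta(minutes=5)).strftime(_TIME_FMT)

# Count Level=1 (Critical) System-log events inside the window. Only the two
# script-generated timestamps are interpolated into the pipeline, so it
# carries no user-controlled input; `find /c` prints a single number.
criticalEvent = (
    'wevtutil qe System /q:"*[System[(Level=1) and TimeCreated[@SystemTime>=\'%s\' and @SystemTime<\'%s\']]]" /f:text'
    ' | findstr /r "^Event\[[0-9]*\]:" | find /c "Event"'
) % (past_dt, cdt)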

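# Run the query with redirection disabled (presumably because the agent runs
# 32-bit Python and needs the native System32 tools). Policy: 50 or more
# Critical events in the 5-minute window opens a ticket; fewer only reports
# the number and emits the "no alert" marker.
with disable_file_system_redirection():
    count = os.popen(criticalEvent).read().strip()
    # `find /c` prints a bare number; anything else means the pipeline itself
    # broke. Parse once and fail loudly instead of tracebacking on int() twice.
    # NOTE(review): if wevtutil fails (access denied, tool missing) it prints
    # to stderr and `find /c` still reports 0, which is indistinguishable from
    # a quiet system here — consider checking wevtutil's exit status.
    try:
        event_count = int(count)
    except ValueError:
        raise ValueError("unexpected event-count output: %r" % (count,))

    if event_count >= 50:
        if event_count > 50:
            output = "More than 50 critical events occurred in the last 5 minutes on this machine:%s, ip:%s" % (devicename, ip)
        else:
            output = "50 critical events occurred in the last 5 minutes on this machine:%s, ip:%s" % (devicename, ip)
        sd(output, email, apikey, domain)
    else:
        print("critical Events found on this system for the last 5 minutes: %s" % (count))
        alert(0)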