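# Name
#   addAttachmentToIncident
# Description
#   Add an attachment to an incident through the SOAR REST API.
# Usage
#   addAttachmentToIncident <incident_id> <file_path_to_attachment>
#
# Configuration
#   $resilientIP : SOAR IP address (set below)
#   $orgId       : organization Id (set below)
#   $username    : API Key, read from the environment variable SOAR_API_KEY_ID
#   $password    : API Key Secret, read from the environment variable SOAR_API_KEY_SECRET
#   (the two environment variable names are chosen by this script, not by the SOAR product)
#   SOAR_ALLOW_SELF_SIGNED=1 : opt in to skipping TLS certificate validation (see below)
# Arguments
#   $incidentId : incident_id
#   $filePath   : file_path_to_attachment  <-- Implicitly UTF-8 is assumed.
# Exit code
#   0 on success, 1 on a usage, configuration or request error.

# Process arguments
if ($args.Length -ne 2) {
    Write-Host "[Usage] addAttachmentToIncident <incidentID> <Attachment File Path>"
    exit 1
}
$incidentId = $args[0]   # 1st argument : incident_id
$filePath   = $args[1]   # 2nd argument : file_path_to_attachment

# The attachment must exist. Resolving it to a full path also avoids a mismatch between
# PowerShell's current location and the process working directory, which is what
# [System.IO.File] uses for relative paths.
if (-not (Test-Path -LiteralPath $filePath -PathType Leaf)) {
    Write-Host "[Error] Attachment file not found: $filePath"
    exit 1
}
$resolvedPath = (Resolve-Path -LiteralPath $filePath).ProviderPath

# SOAR information
$resilientIP = "9.68.70.82"   # SOAR IP Address
$orgId       = "201"          # organization Id

# Credentials come from the environment so that they never live in the script or in
# version control. A key that has ever been stored in a script file should be rotated.
$username = $env:SOAR_API_KEY_ID       # API Key
$password = $env:SOAR_API_KEY_SECRET   # API Key Secret
if ([string]::IsNullOrEmpty($username) -or [string]::IsNullOrEmpty($password)) {
    Write-Host "[Error] Set SOAR_API_KEY_ID and SOAR_API_KEY_SECRET before running this script"
    exit 1
}

# REST URL to add an attachment to the incident. The incident id is escaped so that a
# value containing '/', '?' or '#' cannot change the request path.
$incidentIdEsc = [System.Uri]::EscapeDataString([string]$incidentId)
$uri = "https://${resilientIP}/rest/orgs/${orgId}/incidents/${incidentIdEsc}/attachments"

# TLS certificate validation stays ON by default. Accepting every certificate lets anyone
# on the network path impersonate the SOAR server and capture the Authorization header,
# so the preferred setup is to import the server (or CA) certificate into the trust store.
# The override below is opt-in and applies to the whole process, not only to this request.
# NOTE(review): ServicePointManager is honoured by Windows PowerShell 5.1; on PowerShell 6+
# Invoke-RestMethod offers -SkipCertificateCheck instead - confirm for the version in use.
$trustAllSource = @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
if ($env:SOAR_ALLOW_SELF_SIGNED -eq "1") {
    Write-Warning "TLS certificate validation is disabled for this session (SOAR_ALLOW_SELF_SIGNED=1)"
    Add-Type -TypeDefinition $trustAllSource
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
}

# Convert the API key pair to a Basic Authorization request header
$credentialBytes = [System.Text.Encoding]::UTF8.GetBytes($username + ":" + $password)
$basicAuthValue  = "Basic " + [System.Convert]::ToBase64String($credentialBytes)
$headers = @{ "Authorization" = $basicAuthValue }

# Extract information from the attachment file path
$fileName = [System.IO.Path]::GetFileName($resolvedPath)   # file name
$fileBin  = [System.IO.File]::ReadAllBytes($resolvedPath)  # file contents

# The file name is written into a quoted header value; a double quote or a line break in
# it would end the value early or add header lines, so those characters are replaced.
$fileName = $fileName -replace '[\r\n"]', '_'

# The body is assembled as a string in which every character stands for exactly one byte
# (ISO-8859-1), and the Content-Type is sent without a charset.
# NOTE(review): this relies on Invoke-RestMethod encoding a string body as ISO-8859-1 when
# no charset is given - confirm on the PowerShell version in use.
$codepage = "iso-8859-1"
$enc = [System.Text.Encoding]::GetEncoding($codepage)

# Body data
$boundary    = [System.Guid]::NewGuid().ToString()   # multipart boundary
$LF          = "`r`n"                                # CR LF
$fileBinEnc  = $enc.GetString($fileBin)              # file bytes -> one char per byte
$fileNameEnc = $enc.GetString([System.Text.Encoding]::UTF8.GetBytes($fileName))   # UTF-8 bytes of the name -> one char per byte

# Combine the parts into the multipart/form-data request body, separated by CR LF
$bodyLines = (
    "--$boundary",
    "Content-Disposition: form-data; name=`"file`"; filename=`"$fileNameEnc`"",
    "Content-Type: application/octet-stream$LF",
    $fileBinEnc,
    "--$boundary--$LF"
) -join $LF

# Send with Invoke-RestMethod; a failed request is reported and reflected in the exit code
try {
    Invoke-RestMethod -Uri $uri -Method Post -ContentType "multipart/form-data; boundary=`"$boundary`"" -Headers $headers -Body $bodyLines
} catch {
    Write-Error ("Error" + $_.Exception)
    exit 1
}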