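import requests
import structlog

from config import SIEM_ENABLED, SIEM_WEBHOOK_URL

logger = structlog.get_logger("aoc.siem")


def forward_event(event: dict) -> None:
    """Forward a normalized event to the configured SIEM webhook.

    Forwarding is best-effort: the call is a no-op when SIEM forwarding is
    disabled or no webhook URL is configured, and any exception raised while
    sending is caught and logged as a warning instead of being propagated.

    Args:
        event: The normalized event, sent as the JSON body of the POST.
            Its ``"id"`` value, if present, is logged on success.
    """
    if not SIEM_ENABLED or not SIEM_WEBHOOK_URL:
        return

    try:
        # The 10-second timeout keeps a stalled SIEM endpoint from blocking
        # the caller indefinitely.
        # NOTE(review): requests follows redirects by default; confirm that
        # is wanted for this webhook.
        res = requests.post(SIEM_WEBHOOK_URL, json=event, timeout=10)
        # A 4xx/5xx answer counts as a failed forward.
        res.raise_for_status()
        logger.debug("Event forwarded to SIEM", event_id=event.get("id"))
    except requests.RequestException as exc:
        # The text of requests' exceptions embeds the request URL (or its
        # path and query). Webhook URLs often carry a token -- not
        # confirmable from this file -- so log only the exception class and
        # the HTTP status instead of str(exc).
        response = getattr(exc, "response", None)
        logger.warning(
            "SIEM forward failed",
            error=type(exc).__name__,
            status_code=response.status_code if response is not None else None,
        )
    except Exception as exc:
        # Anything else stays best-effort and keeps its message for
        # diagnosis; no request URL is known to be embedded in these.
        logger.warning("SIEM forward failed", error=str(exc))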