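/**
 * Scripted REST resource handler: turns a Superna Eyeglass "Ransomware
 * Defender" webhook payload into a ServiceNow incident.
 *
 * Flow:
 *   1. Parse request.body.dataString as JSON (treated as untrusted input).
 *      Unparseable bodies, non-object bodies and payloads without an `id`
 *      are rejected with HTTP 400 instead of throwing (which previously
 *      surfaced as an unhandled 500 and, for a missing id, collapsed every
 *      such payload onto one incident keyed "#undefined").
 *   2. Look up an existing incident by the custom field u_superna_event_id.
 *      The lookup uses GlideRecord.addQuery with a value argument, so the
 *      untrusted id cannot alter the query itself.
 *   3. Insert a new incident, or append the payload to the existing one as
 *      work notes, and map the payload severity to impact/urgency.
 *   4. Auto-close the record when severity is MONITOR (test/monitor mode).
 *
 * NOTE(review): who may call this endpoint is decided by the Scripted REST
 * resource configuration (authentication / ACLs), not by this script.
 * Confirm anonymous POSTs are disabled: any caller that reaches this code
 * can create and update incidents.
 *
 * Runs under the ServiceNow server-side (Rhino) engine, so the code stays
 * ES5 (no const/let, arrow functions or template literals).
 */
(function process(request, response) {
    // Reference sys_ids stamped onto records. Kept as named constants so the
    // environment-specific values are in one place.
    var RANSOMWARE_DEFENDER_CI = 'a8b73a01474f4a10622e4438946d43b1';
    var NSSC_LOCATION = '61e9c2956fad6940e59533d9ea3ee46c';

    // Upper bound on affected-file rows written to the work notes, so a large
    // payload cannot bloat the journal entry.
    var MAX_FILE_ROWS = 10;

    // Payload severity -> incident impact/urgency (1 = High, 2 = Medium, 3 = Low).
    var SEVERITY_MAP = {
        'CRITICAL': { impact: 1, urgency: 1 },
        'MAJOR':    { impact: 1, urgency: 2 },
        'MONITOR':  { impact: 2, urgency: 3 },
        'WARNING':  { impact: 3, urgency: 3 }
    };

    /**
     * Returns `value` when it is a non-empty array, otherwise null.
     * Used so that a string or object in an array-valued field cannot reach
     * `.join`/`.slice` and throw.
     */
    function asNonEmptyArray(value) {
        if (Array.isArray(value) && value.length > 0) {
            return value;
        }
        return null;
    }

    /**
     * Parses the raw body string.
     * @returns {Object|null} the parsed JSON object, or null when the body is
     *   not valid JSON or not a JSON object (arrays/primitives are rejected
     *   because every later step reads named properties from it).
     */
    function parseRequestBody(bodyString) {
        var parsed;
        try {
            parsed = JSON.parse(bodyString);
        } catch (e) {
            return null;
        }
        if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
            return null;
        }
        return parsed;
    }

    /**
     * Builds the multi-line text written to the incident's description and
     * work notes: user block, optional client-IP block, optional (truncated)
     * affected-file block.
     */
    function buildDescription(body) {
        var text = '';
        text += '\nUser Information:\n';
        text += body.userName + '\n';
        text += body.user + '\n';
        text += 'Severity: ' + body.severity + '\n';
        text += 'State: ' + body.state + '\n';

        var clientIPs = asNonEmptyArray(body.clientIPs);
        if (clientIPs) {
            text += '\nNetwork Client Information:\n' + clientIPs.join('\n') + '\n';
        }

        var files = asNonEmptyArray(body.files);
        if (files) {
            // Only the first MAX_FILE_ROWS entries are listed.
            text += '\nAffected Files: \n' + files.slice(0, MAX_FILE_ROWS).join('\n');
        }
        return text;
    }

    /**
     * Builds the incident short description. MONITOR severity gets a fixed
     * "test / monitor mode" title; everything else embeds the event id and
     * the affected user.
     */
    function buildShortDescription(body) {
        if (body.severity === 'MONITOR') {
            return 'Ransomware Defender Alert - Webhook Test Monitor mode enabled';
        }
        return 'Ransomware Defender Alert - ' + body.id + ' - Affected User ' + body.userName;
    }

    /**
     * Sets incident.impact / incident.urgency from the payload severity.
     * Unknown severities leave both fields untouched. The own-property check
     * stops values such as "constructor" or "__proto__" from resolving to
     * inherited Object members and writing `undefined` into the fields.
     */
    function setIncidentSeverity(incident, severity) {
        if (typeof severity !== 'string' ||
            !Object.prototype.hasOwnProperty.call(SEVERITY_MAP, severity)) {
            return;
        }
        incident.impact = SEVERITY_MAP[severity].impact;
        incident.urgency = SEVERITY_MAP[severity].urgency;
    }

    /** Marks the incident resolved without customer contact and saves it. */
    function closeIncident(incident) {
        incident.incident_state = 6;            // Resolved
        incident.u_customer_contacted = 4;      // Customer contact not required
        incident.close_code = 'Solved (Permanently)';
        incident.close_notes = 'Closed automatically by script due to MONITOR severity.';
        incident.cmdb_ci = RANSOMWARE_DEFENDER_CI;
        incident.update();
    }

    /**
     * Finds the incident previously created for this event id.
     * @returns {GlideRecord|null} the positioned record, or null if none.
     * Matching is on the custom field u_superna_event_id; addQuery(field,
     * value) is a parameterised query, so the untrusted id is data only.
     */
    function findExistingIncident(eventId) {
        var gr = new GlideRecord('incident');
        gr.addQuery('u_superna_event_id', eventId);
        gr.query();
        return gr.next() ? gr : null;
    }

    /** Writes a JSON error response with the given HTTP status. */
    function fail(status, message) {
        response.setStatus(status);
        response.setBody({ 'error': message });
    }

    // ---- main --------------------------------------------------------------

    var requestBody = parseRequestBody(request.body.dataString);
    if (!requestBody) {
        fail(400, 'Request body is not a JSON object.');
        return;
    }

    // The event id is the correlation key for create-vs-update; it must be a
    // non-empty string or number, otherwise unrelated payloads would all map
    // onto one incident (e.g. "#undefined" / "#[object Object]").
    var rawId = requestBody.id;
    if ((typeof rawId !== 'string' && typeof rawId !== 'number') || String(rawId) === '') {
        fail(400, 'Payload is missing a usable event id.');
        return;
    }
    var eventId = '#' + String(rawId);

    var incident = findExistingIncident(eventId);
    var isNewIncident = (incident === null);
    var isMonitor = (requestBody.severity === 'MONITOR');

    if (isNewIncident) {
        incident = new GlideRecord('incident');
        incident.short_description = buildShortDescription(requestBody);
        // NOTE(review): caller_id is a reference field; assumes 'eyeglass'
        // resolves to the intended user record — confirm in the instance.
        incident.caller_id = 'eyeglass';
        incident.category = 'security';
        incident.subcategory = 'ransomware';
        incident.location = NSSC_LOCATION;                 // NSSC - custom, to remove
        incident.u_preferred_contact_number = 'N/A';      // custom field
        incident.u_superna_event_id = eventId;            // correlation key
    }

    // The payload text goes to both description and work_notes; the latter
    // is what the team reads, the former is kept for compatibility.
    var payloadText = buildDescription(requestBody);
    incident.description = payloadText;
    incident.work_notes = payloadText;
    setIncidentSeverity(incident, requestBody.severity);

    var sysId;
    if (!incident.sys_id) {
        sysId = incident.insert();
    } else {
        incident.update();
        sysId = incident.sys_id;
    }

    if (!sysId) {
        gs.error('Failed to create incident.');
        fail(500, 'Failed to create incident.');
        return;
    }

    gs.info('@@@Incident ' + (isNewIncident ? 'created' : 'updated') +
            ' successfully. Sys ID: ' + sysId + ', Number: ' + incident.number);

    // Monitor mode: keep a closed record of the event rather than an open incident.
    if (isMonitor) {
        closeIncident(incident);
        gs.info('@@@ Incident closed due to MONITOR severity. Sys ID: ' + sysId);
    }

    // 201 is returned for updates as well; existing callers expect it, so it
    // is kept unchanged here.
    response.setStatus(201);
    response.setBody({
        'sys_id': sysId,
        'number': incident.number,
        'status': isMonitor ? 'Closed' : 'Open'
    });
})(request, response);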