Merge pull request #50 from redBorder/development

Release 2.3.0
redBorder · Jul 16, 2024 · 5350203 · 5350203
2 parents be2b1e2 + 3d4a086
commit 5350203
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,19 @@
 cookbook-logstash CHANGELOG
 ===============
 
+## 2.3.0
+
+  - Miguel Negrón
+    - [cdc7551] Merge pull request #48 from redBorder/feature/incident_response
+  - JuanSheba
+    - [6fa06e7] Release 2.2.0
+  - Juan Soto
+    - [0411ec3] Merge pull request #47 from redBorder/feature/#17754_oberservation_id
+  - Miguel Negron
+    - [5b77a31] add incident enrichment
+  - David Vanhoucke
+    - [4a3bc21] add observation id for sflow
+
 ## 2.2.0
 
   - David Vanhoucke

diff --git a/resources/metadata.rb b/resources/metadata.rb
@@ -3,4 +3,4 @@
 maintainer_email 'git@redborder.com'
 license          'AGPL-3.0'
 description      'Installs/Configures cookbook-logstash'
-version          '2.2.0'
+version          '2.3.0'
diff --git a/resources/providers/config.rb b/resources/providers/config.rb
@@ -861,6 +861,16 @@
         notifies :restart, 'service[logstash]', :delayed
       end
 
+      template "#{pipelines_dir}/intrusion/05_incident_enrichment.conf" do
+        source 'intrusion_incident_enrichment.conf.erb'
+        owner user
+        group user
+        mode '0644'
+        ignore_failure true
+        cookbook 'logstash'
+        notifies :restart, 'service[logstash]', :delayed
+      end
+
       template "#{pipelines_dir}/intrusion/98_encode.conf" do
         source 'intrusion_encode.conf.erb'
         owner user

diff --git a/resources/templates/default/intrusion_incident_enrichment.conf.erb b/resources/templates/default/intrusion_incident_enrichment.conf.erb
@@ -0,0 +1,6 @@
+filter {
+  incident_enrichment { 
+    incident_fields => ["src","src_port", "dst", "dst_port"]
+    source => "redBorder Intrusion"
+  }
+}