From 5b77a318aac36c9cc13baa89e2947bfb415943b6 Mon Sep 17 00:00:00 2001
From: Miguel Negron
Date: Tue, 9 Jul 2024 13:12:27 +0100
Subject: [PATCH 1/2] add incident enrichment

---
 resources/providers/config.rb | 10 ++++++++++
 .../default/intrusion_incident_enrichment.conf.erb | 6 ++++++
 2 files changed, 16 insertions(+)
 create mode 100644 resources/templates/default/intrusion_incident_enrichment.conf.erb

diff --git a/resources/providers/config.rb b/resources/providers/config.rb
index 79be51e..6335f9f 100644
--- a/resources/providers/config.rb
+++ b/resources/providers/config.rb
@@ -861,6 +861,16 @@
     notifies :restart, 'service[logstash]', :delayed
   end
 
+  template "#{pipelines_dir}/intrusion/05_incident_enrichment.conf" do
+    source 'intrusion_incident_enrichment.conf.erb'
+    owner user
+    group user
+    mode '0644'
+    ignore_failure true
+    cookbook 'logstash'
+    notifies :restart, 'service[logstash]', :delayed
+  end
+
   template "#{pipelines_dir}/intrusion/98_encode.conf" do
     source 'intrusion_encode.conf.erb'
     owner user
diff --git a/resources/templates/default/intrusion_incident_enrichment.conf.erb b/resources/templates/default/intrusion_incident_enrichment.conf.erb
new file mode 100644
index 0000000..adaafbd
--- /dev/null
+++ b/resources/templates/default/intrusion_incident_enrichment.conf.erb
@@ -0,0 +1,6 @@
+filter {
+  incident_enrichment {
+    incident_fields => ["src","src_port", "dst", "dst_port"]
+    source => "redBorder Intrusion"
+  }
+}

From 3d4a086811ff47bfa60bfd66f64140a99816f5ff Mon Sep 17 00:00:00 2001
From: Miguel Negron
Date: Tue, 16 Jul 2024 11:07:28 +0100
Subject: [PATCH 2/2] Release 2.3.0

---
 CHANGELOG.md | 13 +++++++++++++
 resources/metadata.rb | 2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 622471d..f7f8b7b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
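Review bot: `ignore_failure true` on the new `05_incident_enrichment.conf` template means a failed render (for example the `intrusion_incident_enrichment.conf.erb` source not being found in the `logstash` cookbook, or an unresolvable `user`) is logged and skipped, so the pipeline file is silently missing while the converge reports success and the `service[logstash]` restart is never notified. If the sibling intrusion templates in this block also set it, keep it for consistency but add a why-comment such as `# ignore_failure: enrichment is optional; the intrusion pipeline still loads without it`; otherwise drop the line so a missing template fails the run visibly. The enclosing block, where `pipelines_dir` and `user` are defined, starts and ends outside the hunk.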
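Review bot: `incident_fields => ["src","src_port", "dst", "dst_port"]` mixes `","` and `", "` separators; use one spacing throughout, `incident_fields => ["src", "src_port", "dst", "dst_port"]`. The file carries no ERB tags, so the field list and `source => "redBorder Intrusion"` are fixed at cookbook level rather than node-configurable, which is fine but worth a one-line `#` header comment saying so. Nothing in the hunk shows the `incident_enrichment` plugin being installed or the `src`/`dst` fields being guaranteed by the earlier `intrusion` stages the `05_` prefix implies; a comment naming the stage expected to populate them would help the next maintainer.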
@@ -1,6 +1,19 @@
 cookbook-logstash CHANGELOG
 ===============
 
+## 2.3.0
+
+ - Miguel Negrón
+ - [cdc7551] Merge pull request #48 from redBorder/feature/incident_response
+ - JuanSheba
+ - [6fa06e7] Release 2.2.0
+ - Juan Soto
+ - [0411ec3] Merge pull request #47 from redBorder/feature/#17754_oberservation_id
+ - Miguel Negron
+ - [5b77a31] add incident enrichment
+ - David Vanhoucke
+ - [4a3bc21] add observation id for sflow
+
 ## 2.2.0
 
 - David Vanhoucke
diff --git a/resources/metadata.rb b/resources/metadata.rb
index e70f0d8..0a18609 100644
--- a/resources/metadata.rb
+++ b/resources/metadata.rb
@@ -3,4 +3,4 @@
 maintainer_email 'git@redborder.com'
 license 'AGPL-3.0'
 description 'Installs/Configures cookbook-logstash'
-version '2.2.0'
+version '2.3.0'