From 3ef6f83f626fa0e697dd9c5da5db664f83ba3113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Tue, 27 Aug 2024 16:58:40 +0100
Subject: [PATCH 1/5] Added the incident priority filter

---
 resources/providers/config.rb | 6 ++++++
 .../default/intrusion_incident_enrichment.conf.erb | 1 +
 2 files changed, 7 insertions(+)

diff --git a/resources/providers/config.rb b/resources/providers/config.rb
index 9fd5ac7..3a5e4b2 100644
--- a/resources/providers/config.rb
+++ b/resources/providers/config.rb
@@ -48,6 +48,11 @@
 hash_function: node['redborder']['rsyslog']['hash_function']
 }
 end
+ begin
+ incidents_priority_filter = node['redborder']['incidents_priority_filter']
+ rescue
+ incidents_priority_filter = 'high'
+
 begin
 monitors_dg = data_bag_item('rBglobal', 'monitors')
 rescue
@@ -858,6 +863,7 @@
 mode '0644'
 ignore_failure true
 cookbook 'logstash'
+ variables(incidents_priority_filter: incidents_priority_filter)
 notifies :restart, 'service[logstash]', :delayed
 end

diff --git a/resources/templates/default/intrusion_incident_enrichment.conf.erb b/resources/templates/default/intrusion_incident_enrichment.conf.erb
index adaafbd..dc51203 100644
--- a/resources/templates/default/intrusion_incident_enrichment.conf.erb
+++ b/resources/templates/default/intrusion_incident_enrichment.conf.erb
@@ -2,5 +2,6 @@ filter {
 incident_enrichment {
 incident_fields => ["src","src_port", "dst", "dst_port"]
 source => "redBorder Intrusion"
+ incidents_priority_filter => "<%= @incidents_priority_filter %>"
 }
 }
From 36ebff55ac8711308f2d7263dbd978557fccb1af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Tue, 27 Aug 2024 17:17:32 +0100
Subject: [PATCH 2/5] fix syntax

---
 resources/providers/config.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/resources/providers/config.rb b/resources/providers/config.rb
index 3a5e4b2..e64a8b5 100644
--- a/resources/providers/config.rb
+++ b/resources/providers/config.rb
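Review bot: The `rescue` fallback to `'high'` in the `@@ -48,6 +48,11 @@` hunk of PATCH 1/5 will not run when the attribute is simply unset, because an attribute lookup on a Chef node normally returns nil for a missing key instead of raising, so the template would render `incidents_priority_filter => ""`. This value presumably decides which intrusion events are turned into incidents, so an explicit default is safer: `incidents_priority_filter = node['redborder']['incidents_priority_filter'] || 'high'`, assuming `node['redborder']` is always present as the `rsyslog` lookup above it suggests. The bare `rescue` also hides any other error without a log line. The added block has no closing `end` inside this hunk (PATCH 2/5 adds it) and the same point applies to the form that patch leaves; the enclosing provider block starts and ends outside the hunk.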
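Review bot: In the `intrusion_incident_enrichment.conf.erb` hunk of PATCH 1/5, `@incidents_priority_filter` is written into a double-quoted Logstash string with no check on its content, so a value containing a double quote or a newline would change the structure of the generated filter block, and an unset value is rendered as `""`. Checking the attribute in the provider against the priorities the `incident_enrichment` plugin accepts, and falling back to the default otherwise, keeps the rendered config well-formed; the accepted set is not visible in this patch. A comment above the new option would also help, for example `# priority filter for incident_enrichment; value comes from node['redborder']['incidents_priority_filter']`.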
@@ -52,7 +52,8 @@
 incidents_priority_filter = node['redborder']['incidents_priority_filter']
 rescue
 incidents_priority_filter = 'high'
-
+ end
+
 begin
 monitors_dg = data_bag_item('rBglobal', 'monitors')
 rescue
From 39bfe8b0edd7e313e25739d803d94dc76dc1751f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Tue, 27 Aug 2024 17:19:56 +0100
Subject: [PATCH 3/5] lint

---
 resources/providers/config.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/providers/config.rb b/resources/providers/config.rb
index e64a8b5..bcc2d46 100644
--- a/resources/providers/config.rb
+++ b/resources/providers/config.rb
@@ -53,7 +53,7 @@
 rescue
 incidents_priority_filter = 'high'
 end
-
+
 begin
 monitors_dg = data_bag_item('rBglobal', 'monitors')
 rescue
From dc5ec28cd6c8cfaa54fa4f0b015db471af43f00a Mon Sep 17 00:00:00 2001
From: Rafael Gomez
Date: Wed, 4 Sep 2024 08:52:19 +0100
Subject: [PATCH 4/5] Release 2.4.1

---
 CHANGELOG.md | 7 +++++++
 resources/metadata.rb | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2893bd7..cc37ec4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,13 @@
 cookbook-logstash CHANGELOG
 ===============

+## 2.4.1
+
+ - Pablo Pérez
+ - [39bfe8b] lint
+ - [36ebff5] fix syntax
+ - [3ef6f83] Added the incident priority filter
+
 ## 2.4.0

 - JuanSheba
diff --git a/resources/metadata.rb b/resources/metadata.rb
index 78c9010..758d84c 100644
--- a/resources/metadata.rb
+++ b/resources/metadata.rb
@@ -3,4 +3,4 @@
 maintainer_email 'git@redborder.com'
 license 'AGPL-3.0'
 description 'Installs/Configures cookbook-logstash'
-version '2.4.0'
+version '2.4.1'
From 034df07bededef08aa79b733fe4ee9f2f01e59f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=20G=C3=B3mez?=
Date: Wed, 4 Sep 2024 09:20:07 +0100
Subject: [PATCH 5/5] Update CHANGELOG.md

---
 CHANGELOG.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cc37ec4..828cd1a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,8 +4,6 @@ cookbook-logstash CHANGELOG
 ## 2.4.1

 - Pablo Pérez
- - [39bfe8b] lint
- - [36ebff5] fix syntax
 - [3ef6f83] Added the incident priority filter

 ## 2.4.0