From f7aa4962e8dd4d5384d3de106298d7699358d371 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Wed, 5 Nov 2025 18:34:15 +0000
Subject: [PATCH 1/5] Add malware threshold to logstash cookbook
---
 resources/recipes/configure.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/resources/recipes/configure.rb b/resources/recipes/configure.rb
index fcafa45..82502c9 100644
--- a/resources/recipes/configure.rb
+++ b/resources/recipes/configure.rb
@@ -665,6 +665,7 @@
 mobility_nodes node.run_state['mobility_sensors_info']
 intrusion_incidents_priority_filter node['redborder']['intrusion_incidents_priority_filter']
 vault_incidents_priority_filter node['redborder']['vault_incidents_priority_filter']
+ malware_score_threshold node['redborder']['manager']['malware']['threshold']
 logstash_pipelines node.run_state['pipelines']
 split_traffic_logstash split_traffic
 split_intrusion_logstash split_intrusion
From 61e2c737fcd48d986e8991964bf1e8abc146eaa8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Thu, 6 Nov 2025 11:27:54 +0000
Subject: [PATCH 2/5] Pass malware score threshold as int
---
 resources/recipes/configure.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/recipes/configure.rb b/resources/recipes/configure.rb
index 82502c9..29c72b2 100644
--- a/resources/recipes/configure.rb
+++ b/resources/recipes/configure.rb
@@ -665,7 +665,7 @@
 mobility_nodes node.run_state['mobility_sensors_info']
 intrusion_incidents_priority_filter node['redborder']['intrusion_incidents_priority_filter']
 vault_incidents_priority_filter node['redborder']['vault_incidents_priority_filter']
- malware_score_threshold node['redborder']['manager']['malware']['threshold']
+ malware_score_threshold node['redborder']['manager']['malware']['threshold'].to_i
 logstash_pipelines node.run_state['pipelines']
 split_traffic_logstash split_traffic
 split_intrusion_logstash split_intrusion
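Review bot: The `.to_i` added on the malware_score_threshold line maps a missing or non-numeric attribute to 0 instead of failing, because both `nil.to_i` and `'abc'.to_i` return 0 in Ruby, so a mistyped override silently replaces the cookbook default of 50 (visible as context in resources/attributes/default.rb later in this series) with a different detection policy. What 0 means depends on the comparison inside the pipeline, which this hunk does not show: if scores at or above the threshold are flagged, every scored event becomes an incident; under the opposite convention all of them are suppressed. `malware_score_threshold Integer(node['redborder']['manager']['malware']['threshold'])` keeps the integer coercion but raises on nil or garbage, so a bad override fails the converge loudly. The enclosing resource block starts and ends outside the hunk.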
From eb5a22b253d43575c96b0ebbb405983d0f85be1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Fri, 7 Nov 2025 18:22:58 +0000
Subject: [PATCH 3/5] Add malware_incidents_priority
---
 resources/attributes/default.rb | 1 +
 resources/recipes/configure.rb | 1 +
 2 files changed, 2 insertions(+)
diff --git a/resources/attributes/default.rb b/resources/attributes/default.rb
index 3cb942e..31cb616 100644
--- a/resources/attributes/default.rb
+++ b/resources/attributes/default.rb
@@ -313,6 +313,7 @@
 default['redborder']['manager']['malware'] = {}
 default['redborder']['manager']['malware']['threshold'] = 50
+default['redborder']['manager']['malware']['malware_incidents_priority'] = 'high'
 default['redborder']['manager']['loaders']['scores'] = {}
 default['redborder']['manager']['loaders']['scores']['hash'] = {}
diff --git a/resources/recipes/configure.rb b/resources/recipes/configure.rb
index 63a3fc7..e912c71 100644
--- a/resources/recipes/configure.rb
+++ b/resources/recipes/configure.rb
@@ -667,6 +667,7 @@
 intrusion_incidents_priority_filter node['redborder']['intrusion_incidents_priority_filter']
 vault_incidents_priority_filter node['redborder']['vault_incidents_priority_filter']
 malware_score_threshold node['redborder']['manager']['malware']['threshold'].to_i
+ malware_incidents_priority node['redborder']['manager']['malware']['malware_incidents_priority']
 logstash_pipelines node.run_state['pipelines']
 split_traffic_logstash split_traffic
 split_intrusion_logstash split_intrusion
From 3c8dec1373a5a40293adbdb25478a37a17ca7b79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Mon, 10 Nov 2025 10:27:17 +0000
Subject: [PATCH 4/5] Change high to critical
---
 resources/attributes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/attributes/default.rb b/resources/attributes/default.rb
index 31cb616..9bd4c30 100644
--- a/resources/attributes/default.rb
+++ b/resources/attributes/default.rb
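Review bot: The new malware_incidents_priority attribute in resources/attributes/default.rb carries no comment on which values are accepted, and the default moving from 'high' to 'critical' two commits later in this series suggests the valid set is not obvious to a reader of this file. A comment above the line such as `# Priority label given to malware incidents raised by logstash; allowed values: <PLACEHOLDER: list from the incidents pipeline>` would tell an operator what an override may contain. Whether the value is validated anywhere downstream is not visible from this hunk.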
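Review bot: The new malware_incidents_priority line in resources/recipes/configure.rb reads from `node['redborder']['manager']['malware'][...]` while the neighbouring intrusion and vault settings read top-level `node['redborder']['*_incidents_priority_filter']` keys, and the property name drops the `_filter` suffix. If the malware value plays the same role as those two filters, naming and placing it like them would spare operators a second override path; if it is instead the priority assigned to every malware incident, a short comment on this line saying so would keep the two from being confused. I cannot tell which from the hunk, and the enclosing resource block starts and ends outside it.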
@@ -313,7 +313,7 @@
 default['redborder']['manager']['malware'] = {}
 default['redborder']['manager']['malware']['threshold'] = 50
-default['redborder']['manager']['malware']['malware_incidents_priority'] = 'high'
+default['redborder']['manager']['malware']['malware_incidents_priority'] = 'critical'
 default['redborder']['manager']['loaders']['scores'] = {}
 default['redborder']['manager']['loaders']['scores']['hash'] = {}
From f3c4324a48c9c281c289c6bd56058e5a4a47b075 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20P=C3=A9rez?=
Date: Mon, 10 Nov 2025 12:21:04 +0000
Subject: [PATCH 5/5] Fix attribute name
---
 resources/attributes/default.rb | 2 +-
 resources/recipes/configure.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/resources/attributes/default.rb b/resources/attributes/default.rb
index 9bd4c30..cd5d4cc 100644
--- a/resources/attributes/default.rb
+++ b/resources/attributes/default.rb
@@ -313,7 +313,7 @@
 default['redborder']['manager']['malware'] = {}
 default['redborder']['manager']['malware']['threshold'] = 50
-default['redborder']['manager']['malware']['malware_incidents_priority'] = 'critical'
+default['redborder']['manager']['malware']['incidents_priority'] = 'critical'
 default['redborder']['manager']['loaders']['scores'] = {}
 default['redborder']['manager']['loaders']['scores']['hash'] = {}
diff --git a/resources/recipes/configure.rb b/resources/recipes/configure.rb
index e912c71..4b5ef86 100644
--- a/resources/recipes/configure.rb
+++ b/resources/recipes/configure.rb
@@ -667,7 +667,7 @@
 intrusion_incidents_priority_filter node['redborder']['intrusion_incidents_priority_filter']
 vault_incidents_priority_filter node['redborder']['vault_incidents_priority_filter']
 malware_score_threshold node['redborder']['manager']['malware']['threshold'].to_i
- malware_incidents_priority node['redborder']['manager']['malware']['malware_incidents_priority']
+ malware_incidents_priority node['redborder']['manager']['malware']['incidents_priority']
 logstash_pipelines node.run_state['pipelines']
 split_traffic_logstash split_traffic
 split_intrusion_logstash split_intrusion