Dont incident_enrichment if is already enriched
manegron committed Dec 25, 2024
1 parent 43b5113 commit 69bb4b7
Showing 2 changed files with 17 additions and 13 deletions.
@@ -1,7 +1,9 @@
filter {
incident_enrichment {
incident_fields => ["src","src_port", "dst", "dst_port"]
source => "redBorder Intrusion"
incidents_priority_filter => "<%= @intrusion_incidents_priority_filter %>"
if ![incident_uuid] {
incident_enrichment {
incident_fields => ["src","src_port", "dst", "dst_port"]
source => "redBorder Intrusion"
incidents_priority_filter => "<%= @intrusion_incidents_priority_filter %>"
}
}
}
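--- a/resources/templates/default/vault_incident_enrichment.conf.erb
+++ b/resources/templates/default/vault_incident_enrichment.conf.erb
@@ -1,13 +1,15 @@
 filter {
-incident_enrichment {
-incident_fields => ["fromhost_ip"]
-source => "redBorder Vault"
-incidents_priority_filter => "<%= @vault_incidents_priority_filter %>"
-field_scores => {
-"fromhost_ip" => 100
-}
-field_map => {
-"fromhost_ip" => "ip"
+if ![incident_uuid] {
+incident_enrichment {
+incident_fields => ["fromhost_ip"]
+source => "redBorder Vault"
+incidents_priority_filter => "<%= @vault_incidents_priority_filter %>"
+field_scores => {
+"fromhost_ip" => 100
+}
+field_map => {
+"fromhost_ip" => "ip"
+}
 }
 }
 }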
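Review bot: The new `if ![incident_uuid]` guard treats the mere presence of the `incident_uuid` field as proof that an earlier pipeline stage already enriched the event, so any event that arrives from its source with that field already populated will skip incident_enrichment entirely; the same guard is introduced in the first file section of this commit (the "redBorder Intrusion" template). Whether an upstream input can carry that field cannot be told from these two templates, so the assumption should at least be recorded next to the conditional, e.g. `# Skip enrichment only when a previous stage set incident_uuid; an input that already carries this field is also skipped.` If inputs can set it, a stronger marker of prior enrichment (one the pipeline itself sets, such as a tag added by the enrichment stage) would be safer than testing a field that the source may control. Both templates also repeat the same guard and block, which is fine, but the comment should appear in each so the behaviour is understood where it is configured.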
