From bea77568b33e029feed96a076ae7d1a693418157 Mon Sep 17 00:00:00 2001
From: SeAndersonT
Date: Thu, 15 May 2025 11:19:50 -0500
Subject: [PATCH] changed decision_environment to eda/rulebooks
---
eda/rulebooks/insights_detection.yml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 eda/rulebooks/insights_detection.yml
diff --git a/eda/rulebooks/insights_detection.yml b/eda/rulebooks/insights_detection.yml
new file mode 100644
index 0000000..142cdb6
--- /dev/null
+++ b/eda/rulebooks/insights_detection.yml
@@ -0,0 +1,19 @@
+---
+- name: Listen for Red Hat Insights events
+ hosts: localhost
+ sources:
+ - redhat.insights_eda.insights:
+ host: 0.0.0.0
+ port: 5000
+ rules:
+ - name: Match Malware detected-malware event
+ condition:
+ event.payload.application == "malware-detection"
+ and event.payload.event_type == "detected-malware"
+ action:
+ run_job_template:
+ name: "handle-malware-detection"
+ organization: Default
+ job_args:
+ extra_vars: "{{ event.payload }}"
+
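Review bot: The `redhat.insights_eda.insights` source is bound to `host: 0.0.0.0` on port 5000 with no authentication or TLS configured, and the rule then hands the whole request body to the job template as `extra_vars: "{{ event.payload }}"`. Because extra vars take the highest variable precedence in Ansible, any client that can reach the port and send a body carrying the two matched fields can set arbitrary variables for `handle-malware-detection`. I would add the source plugin's `token` option (confirm it against the installed collection version), with the value supplied from a credential or environment variable rather than committed in the rulebook, and either enable `certfile`/`keyfile` or bind to a specific interface behind an authenticated proxy. I would also namespace the payload so it cannot collide with playbook variables, i.e. `extra_vars:` with a single child key `insights_event: "{{ event.payload }}"`, and have the playbook validate the fields it reads from it.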