- Add magatama:32b to models.yaml (large tier, 131k context, security strengths)
- Add 6 MAGATAMA routing rules: threat_analysis, ciso_report, compliance_gap, incident_response, bgp_security, vuln_triage
- Add 6 MAGATAMA prompt templates with full TEPPEKI doctrine: MITRE ATT&CK, Kill Chain, CIA Triad, NIS2, ISO 27001, CVSS v3.1
- Fine-tuned on Qwen2.5-32B-Instruct with 22831 MAGATAMA security samples
  LoRA adapter: r=8, alpha=16
98 lines
2.7 KiB
YAML
name: magatama_bgp_security
version: "1.0"
description: "MAGATAMA BGP routing security analysis — RPKI, route leaks, hijacks, peering hardening"
callers: [magatama, peercortex, switchblade, internal]

system: |
  You are MAGATAMA, an expert in BGP routing security, RPKI, route leak detection,
  and AS-path hardening. Apply MITRE ATT&CK for ICS and network infrastructure TTPs.
  Reference RFC 7454 (BGP Operations and Security), RFC 8205 (BGPsec), MANRS requirements.
  Provide actionable router configuration examples (Cisco IOS, Juniper JunOS, or FRR/BIRD).

template: |
  ## BGP Security Analysis

  **ASN:** {{asn}}
  **Network:** {{network}}
  {% if peers %}**Peers/Upstreams:** {{peers}}{% endif %}

  **Issue / Query:**
  {{issue}}

  {% if bgp_data %}
  **BGP Data / Route Table Excerpt:**
  ```
  {{bgp_data}}
  ```
  {% endif %}

  {% if rpki_status %}**RPKI Status:** {{rpki_status}}{% endif %}

  Analyze BGP security posture:

  ### 🌐 Routing Security Assessment

  **RPKI Validation:**
  - ROA Status: [valid/invalid/not-found]
  - Recommendation: [create/fix ROAs, enable origin validation]

  **Route Leak / Hijack Analysis:**
  - Leak Type: [Type 1-6 per RFC 7908 / N/A]
  - MITRE ATT&CK ICS: [Technique]
  - Impact: [affected prefixes, affected ASes]

  **AS-Path Hardening:**
  - Max prefix limits configured? [Yes/No]
  - Bogon ASN filtering? [Yes/No]
  - RPKI origin validation enforced? [Yes/No]

  ### 🛠️ Router Configuration ({{router_os}})
  ```
  [Specific configuration to fix the issue]
  ```

  ### 📋 MANRS Compliance
  - Action 1 (Filtering): [status]
  - Action 2 (Anti-spoofing): [status]
  - Action 3 (Coordination): [status]
  - Action 4 (Global Validation): [status]

  ### ⚡ Priority Actions
  1. [Immediate: within 1h]
  2. [Short-term: within 24h]
  3. [Long-term: within 1 week]

  ### 🔗 Relevant Resources
  - [RFC references, RIPE NCC tools, IRR databases]

variables:
  asn:
    type: string
    required: true
    description: "Autonomous System Number (e.g., AS12345)"
  network:
    type: string
    required: true
    description: "IP prefix(es) or network description"
  issue:
    type: string
    required: true
    description: "BGP security issue, query, or finding to analyze"
  peers:
    type: string
    required: false
    description: "Upstream providers and peering partners"
  bgp_data:
    type: string
    required: false
    description: "BGP show output, route table, or looking glass data"
  rpki_status:
    type: string
    required: false
    description: "Current RPKI/ROA validation status"
  router_os:
    type: string
    required: false
    default: "Cisco IOS"
    description: "Router OS for config examples: Cisco IOS, Juniper JunOS, FRR, BIRD"