From 06e4e682ec471e0231e047a99fa54268d118a6eb Mon Sep 17 00:00:00 2001 From: jdv Date: Fri, 29 Nov 2024 16:03:08 +0100 Subject: [PATCH 01/13] init commit test extra meta --- .../user_guides/use_cases/blaas_to_firewall.mdx | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx new file mode 100644 index 000000000..f5952dc93 --- /dev/null +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -0,0 +1,12 @@ +--- +id: blaas_to_firewall +title: Use our blocklist directly in your firewall +sidebar_position: 10 +tags: [blaas,firewall,usecase] +--- + + +what we want to achieve, +technicailty score: overall and per section +required skills +estimated time \ No newline at end of file From efffe2103f6717a5b3645b828c2ba4e5d57ef38a Mon Sep 17 00:00:00 2001 From: jdv Date: Fri, 29 Nov 2024 16:06:43 +0100 Subject: [PATCH 02/13] gtp generated --- .../use_cases/blaas_to_firewall.mdx | 97 ++++++++++++++++++- 1 file changed, 94 insertions(+), 3 deletions(-) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index f5952dc93..b10f528ac 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx 
@@ -5,8 +5,99 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- - -what we want to achieve, +/* what we want to achieve, technicailty score: overall and per section required skills -estimated time \ No newline at end of file +estimated time +*/ + +# **Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall** + +## **What We Want to Achieve** +Enhance your firewall’s protection by integrating CrowdSec’s **"Blocklist as a Service" (BLaaS)** feature. This service provides a dynamically updated list of malicious IPs and ranges from selected blocklists, hosted on an endpoint with basic authentication. By leveraging this integration, your firewall will proactively block known malicious actors, reducing attack surface and risk. + +--- + +## **Prerequisites** +Before starting, ensure you meet the following requirements: + +1. **Firewall Capabilities**: + - Your firewall supports creating rules from an IP or CIDR list hosted on a given endpoint. + - The list must be accessible via **basic authentication**. + +2. **BLaaS Integration**: + - You have a valid CrowdSec BLaaS configuration, exposing the merged blocklist endpoint. + - Ensure the blocklists attached to this integration match your security policies. + - Documentation: [Configuring BLaaS](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). + +3. **Access and Credentials**: + - Verify access to the BLaaS endpoint with provided basic auth credentials. + +4. **Network and API Access**: + - The firewall can access external endpoints over the internet or a designated network. + +5. **Testing Environment**: + - Ensure a testing setup is available to validate the integration before deploying it in production. 
+ +--- + +## **Technicality Score** +- **Overall**: 🟠 Moderate (requires firewall configuration and API usage) +- **Section Breakdown**: + - **Firewall Compatibility Check**: 🟢 Easy + - **Retrieving Blocklists via BLaaS**: 🟡 Moderate + - **Configuring the Firewall**: 🟠 Moderate to Complex (depends on the firewall) + - **Testing & Maintenance**: 🟢 Easy to Moderate + +--- + +## **Required Skills** +- Basic understanding of networking and firewalls. +- Familiarity with basic authentication and endpoint configurations. +- Experience with REST APIs or CLI tools is helpful but not mandatory. + +--- + +## **Estimated Time** +- **Compatibility Check**: 15 minutes +- **BLaaS Setup Validation**: 15–30 minutes +- **Firewall Configuration**: 1–2 hours +- **Testing and Fine-Tuning**: 30–60 minutes +**Total Time**: ~2.5–4 hours + +--- + +## **Steps to Achieve This Goal** + +### 1. **Check Firewall Compatibility** + - Verify that your firewall can: + - Fetch and process an external list of IPs or CIDRs. + - Authenticate to endpoints using basic authentication. + - Refer to your firewall's documentation or CrowdSec’s [Supported Firewalls Guide](https://doc.crowdsec.net/docs/firewalls/overview/). + +### 2. **Validate Your BLaaS Configuration** + - Ensure your BLaaS endpoint is configured and accessible. + - Use the credentials to test access via tools like `curl` or Postman: + ```bash + curl -u username:password https://your-blaas-endpoint/blocklist + ``` + - Confirm the endpoint returns a properly formatted list of IPs and ranges. + - Documentation: [BLaaS Overview](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). + +### 3. **Integrate Blocklists Into Your Firewall** + - Configure your firewall to fetch the list at regular intervals. + - Apply rules to enforce blocking based on the retrieved IPs and CIDRs. 
+ - Example configurations for common firewalls are available in the [Firewall Integration Guide](https://doc.crowdsec.net/docs/using-crowdsec/firewall/). + +### 4. **Test and Verify** + - Simulate traffic from a blocked IP to verify that the firewall correctly applies the rules. + - Review logs to ensure legitimate traffic isn’t inadvertently blocked. + +### 5. **Automate and Maintain** + - Schedule periodic updates for the blocklist (e.g., cron jobs for API pulls). + - Monitor the firewall and CrowdSec logs for performance and effectiveness. + - Refer to [Monitoring Best Practices](https://doc.crowdsec.net/docs/monitoring/overview/). + +--- + +By integrating CrowdSec’s "Blocklist as a Service" into your firewall, you gain access to dynamic, community-powered threat intelligence that keeps your infrastructure secure. For more detailed configuration examples and troubleshooting, explore the [CrowdSec Documentation](https://doc.crowdsec.net/). From 0c0df7a97941679728e1a3a11bee9bc4d7814782 Mon Sep 17 00:00:00 2001 From: jdv Date: Mon, 2 Dec 2024 10:34:00 +0100 Subject: [PATCH 03/13] + --- .../user_guides/use_cases/blaas_to_firewall.mdx | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index b10f528ac..2aa54b6b4 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx 
@@ -5,12 +5,26 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- +| **Difficulty** | 1/5 | +| **CrowdSec Service Setup Time** | 5 minutes | +| **Firewall Configuration Time** | 5~10 minutes | +| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | + +# Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall + + + /* what we want to achieve, technicailty score: overall and per section required skills estimated time */ + + + +//////////// GPT generated + # **Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall** ## **What We Want to Achieve** From d664af657d2fd06040f1259cf37af03d8fad3602 Mon Sep 17 00:00:00 2001 
From: jdv Date: Thu, 12 Dec 2024 09:35:02 +0100 Subject: [PATCH 04/13] nuking the Blocklist doc --- crowdsec-docs/docs/concepts.md | 2 +- crowdsec-docs/sidebarsUnversioned.js | 27 ++++++++++------ .../blaas_integrations}/checkpoint.mdx | 0 .../blaas_integrations}/cisco.mdx | 0 .../blaas_integrations}/f5.mdx | 0 .../blaas_integrations}/fortinet.mdx | 0 .../blaas_integrations}/genericvendor.mdx | 0 .../blaas_integrations}/intro.mdx | 2 +- .../blaas_integrations}/paloalto.mdx | 0 .../remediationcomponent.mdx | 0 .../blaas_integrations}/sophos.mdx | 0 .../blocklists/getting_started.mdx | 2 +- .../use_cases/blaas_to_firewall.mdx | 31 +++++++++++++------ 13 files changed, 42 insertions(+), 22 deletions(-) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/checkpoint.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/cisco.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/f5.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/fortinet.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/genericvendor.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/intro.mdx (97%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/paloalto.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/remediationcomponent.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/sophos.mdx (100%) diff --git a/crowdsec-docs/docs/concepts.md b/crowdsec-docs/docs/concepts.md index c2c26af10..e6b9ed06e 100644 --- a/crowdsec-docs/docs/concepts.md +++ b/crowdsec-docs/docs/concepts.md 
@@ -40,7 +40,7 @@ The Local API (abreviated as `LAPI`) has several functions: > The Remediation Components (also called `Bouncers`) are external components in charge of enforcing decisions. Remediation Components rely on the Local API to receive decisions about malevolent IPs to be blocked *(or other supported types or remediations such as Captcha, supported by some of our Bouncers).* -*Note that they also support [CrowdSec's Blocklist as a Service](/u/integrations/intro).* +*Note that they also support [CrowdSec's Blocklist as a Service](/u/blocklists/blaas_integrations/intro).* Those Decisions can be based on behavioral detection made by the `LP` or from Blocklists. diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js index 7cda202f4..226ffc137 100644 --- a/crowdsec-docs/sidebarsUnversioned.js +++ b/crowdsec-docs/sidebarsUnversioned.js @@ -375,18 +375,18 @@ module.exports = { type: "category", link: { type: "doc", - id: "integrations/intro", + id: "blaas_integrations/intro", }, - label: "Integrations", + label: "Blocklist as a Service", items: [ - "integrations/cisco", - "integrations/checkpoint", - "integrations/f5", - "integrations/fortinet", - "integrations/paloalto", - "integrations/sophos", - "integrations/genericfirewall", - "integrations/remediationcomponent", + "blaas_integrations/cisco", + "blaas_integrations/checkpoint", + "blaas_integrations/f5", + "blaas_integrations/fortinet", + "blaas_integrations/paloalto", + "blaas_integrations/sophos", + "blaas_integrations/genericfirewall", + "blaas_integrations/remediationcomponent", ], }, ], @@ -456,6 +456,13 @@ module.exports = { ], guidesSideBar: [ "user_guides/intro", + { + type: "category", + label: "Use cases", + items: [ + "user_guides/use_cases/blaas_to_firewall", + ], + }, { type: "category", label: "Management", 
diff --git a/crowdsec-docs/unversioned/integrations/checkpoint.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/checkpoint.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/checkpoint.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/checkpoint.mdx diff --git a/crowdsec-docs/unversioned/integrations/cisco.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/cisco.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/cisco.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/cisco.mdx diff --git a/crowdsec-docs/unversioned/integrations/f5.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/f5.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/f5.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/f5.mdx diff --git a/crowdsec-docs/unversioned/integrations/fortinet.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/fortinet.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/fortinet.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/fortinet.mdx diff --git a/crowdsec-docs/unversioned/integrations/genericvendor.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/genericvendor.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/genericvendor.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/genericvendor.mdx diff --git a/crowdsec-docs/unversioned/integrations/intro.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/intro.mdx similarity index 97% rename from crowdsec-docs/unversioned/integrations/intro.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/intro.mdx index 5ea0f5bcf..81b9667ec 100644 --- a/crowdsec-docs/unversioned/integrations/intro.mdx +++ b/crowdsec-docs/unversioned/blocklists/blaas_integrations/intro.mdx 
@@ -56,7 +56,7 @@ Once you are on the Integrations page you can select the integration you would l - [Fortinet](integrations/fortinet.mdx) - [Palo Alto](integrations/paloalto.mdx) - [Sophos](integrations/sophos.mdx) -- [Generic Firewall](integrations/genericvendor.mdx) +- [Generic Firewall (Raw IP-List)](integrations/genericvendor.mdx) - [Remediation Component](integrations/remediationcomponent.mdx) :::info diff --git a/crowdsec-docs/unversioned/integrations/paloalto.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/paloalto.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/paloalto.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/paloalto.mdx diff --git a/crowdsec-docs/unversioned/integrations/remediationcomponent.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/remediationcomponent.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/remediationcomponent.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/remediationcomponent.mdx diff --git a/crowdsec-docs/unversioned/integrations/sophos.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/sophos.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/sophos.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/sophos.mdx diff --git a/crowdsec-docs/unversioned/blocklists/getting_started.mdx b/crowdsec-docs/unversioned/blocklists/getting_started.mdx index 25973194f..6de9ffa01 100644 --- a/crowdsec-docs/unversioned/blocklists/getting_started.mdx +++ b/crowdsec-docs/unversioned/blocklists/getting_started.mdx @@ -23,7 +23,7 @@ Depending on which path you take you can start with the following guides: title="Integrations" description="A seemless way to integrate CrowdSec blocklists into your existing firewall, CDN, or other security solutions." image="Hero Blocklists.png" - link="/u/integrations/intro" + link="/u/blocklists/integrations/intro" />
If you're new to CrowdSec, and want to use blocklists we recommend starting with the [Integrations guide](integrations/intro.mdx), however, if you are unsure where to start, feel free to browse our [main website for more information](https://www.crowdsec.net/). diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 2aa54b6b4..a005c3cc3 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -12,15 +12,28 @@ tags: [blaas,firewall,usecase] # Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall - - -/* what we want to achieve, -technicailty score: overall and per section -required skills -estimated time -*/ - - +> Use CrowdSec's Blocklist within your firewall without the need to +install the CrowdSec agent. + +## **TL;DR; Who What How** +For this use case, you will need to: +- Create a Blocklist As A Service endpoint within the CrowdSec Console UI or API + - **Who**: Anybody with a browser + - **Skill Level**: Easy + - **Time**: 5 minutes *(including account creation)* + - **Minium Plan**: free +- Subscribe to the blocklist(s) you want to use + - **Who**: Anybody with a browser + - **Skill Level**: Easy + - **Time**: < 5 minutes + - **Minium Plan**: free +- Make a rule into your firewall that fetches the blocklist from the BLAAS endpoint (basic auth URL) + - **Who**: Firewall administrator + - **Skill Level**: Easy + - **Time**: 5~10 minutes + +++ Test that it works and evaluate performance +++ Scale and Automate >> SAPI >> centralize your own blokclists ++ link to other use cases //////////// GPT generated From 4e849ee68653b584671c3af27ee3306e4d8b4682 Mon Sep 17 00:00:00 2001 
From: jdv Date: Mon, 16 Dec 2024 18:08:35 +0100 Subject: [PATCH 05/13] chamboulement --- .../blocklists/getting_started.mdx | 15 ++- crowdsec-docs/unversioned/blocklists/intro.md | 10 +- .../use_cases/blaas_to_firewall.mdx | 97 +------------------ 3 files changed, 22 insertions(+), 100 deletions(-) diff --git a/crowdsec-docs/unversioned/blocklists/getting_started.mdx b/crowdsec-docs/unversioned/blocklists/getting_started.mdx index 6de9ffa01..d3ca88e79 100644 --- a/crowdsec-docs/unversioned/blocklists/getting_started.mdx +++ b/crowdsec-docs/unversioned/blocklists/getting_started.mdx @@ -1,24 +1,29 @@ --- id: getting_started -title: Getting Started +title: How to use CrowdSec Blocklists --- import ConsolePromo from '@site/src/components/ConsolePromo.js'; -There are two ways to get started with Blocklists: +There are two main paths to integrate CrowdSec blocklists into your infrastructure: -1. **Security Engine** - Use the CrowdSec Security Engine to ingest blocklists -2. **Integrations** - Use Integrations to ingest blocklists into firewall, CDN, or other security solutions +1. **Security Engine** - If you already have a CrowdSec Security Engine, you can use it to ingest blocklists +2. **Integrations** - For a purely SaaS approach, use Integrations to ingest blocklists into firewall, CDN, (...) via our Blockist as a Service Integrations endpoints Depending on which path you take you can start with the following guides: +# Security Engine Ingestion +If you already have security engines and remediation components installed in your infrastructure, you can follow the guide bellow. + -
+ +# SaaS Integration +If you want to use blocklists without installing the CrowdSec Security Engine you can follow the guide bellow. > SAPI >> centralize your own blokclists ++ link to other use cases +-------- -//////////// GPT generated - -# **Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall** - -## **What We Want to Achieve** -Enhance your firewall’s protection by integrating CrowdSec’s **"Blocklist as a Service" (BLaaS)** feature. This service provides a dynamically updated list of malicious IPs and ranges from selected blocklists, hosted on an endpoint with basic authentication. By leveraging this integration, your firewall will proactively block known malicious actors, reducing attack surface and risk. - ---- - -## **Prerequisites** -Before starting, ensure you meet the following requirements: - -1. **Firewall Capabilities**: - - Your firewall supports creating rules from an IP or CIDR list hosted on a given endpoint. - - The list must be accessible via **basic authentication**. - -2. **BLaaS Integration**: - - You have a valid CrowdSec BLaaS configuration, exposing the merged blocklist endpoint. - - Ensure the blocklists attached to this integration match your security policies. - - Documentation: [Configuring BLaaS](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). - -3. **Access and Credentials**: - - Verify access to the BLaaS endpoint with provided basic auth credentials. - -4. **Network and API Access**: - - The firewall can access external endpoints over the internet or a designated network. - -5. **Testing Environment**: - - Ensure a testing setup is available to validate the integration before deploying it in production. 
- ---- - -## **Technicality Score** -- **Overall**: 🟠 Moderate (requires firewall configuration and API usage) -- **Section Breakdown**: - - **Firewall Compatibility Check**: 🟢 Easy - - **Retrieving Blocklists via BLaaS**: 🟡 Moderate - - **Configuring the Firewall**: 🟠 Moderate to Complex (depends on the firewall) - - **Testing & Maintenance**: 🟢 Easy to Moderate - ---- - -## **Required Skills** -- Basic understanding of networking and firewalls. -- Familiarity with basic authentication and endpoint configurations. -- Experience with REST APIs or CLI tools is helpful but not mandatory. - ---- - -## **Estimated Time** -- **Compatibility Check**: 15 minutes -- **BLaaS Setup Validation**: 15–30 minutes -- **Firewall Configuration**: 1–2 hours -- **Testing and Fine-Tuning**: 30–60 minutes -**Total Time**: ~2.5–4 hours - ---- - -## **Steps to Achieve This Goal** - -### 1. **Check Firewall Compatibility** - - Verify that your firewall can: - - Fetch and process an external list of IPs or CIDRs. - - Authenticate to endpoints using basic authentication. - - Refer to your firewall's documentation or CrowdSec’s [Supported Firewalls Guide](https://doc.crowdsec.net/docs/firewalls/overview/). - -### 2. **Validate Your BLaaS Configuration** - - Ensure your BLaaS endpoint is configured and accessible. - - Use the credentials to test access via tools like `curl` or Postman: - ```bash - curl -u username:password https://your-blaas-endpoint/blocklist - ``` - - Confirm the endpoint returns a properly formatted list of IPs and ranges. - - Documentation: [BLaaS Overview](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). - -### 3. **Integrate Blocklists Into Your Firewall** - - Configure your firewall to fetch the list at regular intervals. - - Apply rules to enforce blocking based on the retrieved IPs and CIDRs. 
- - Example configurations for common firewalls are available in the [Firewall Integration Guide](https://doc.crowdsec.net/docs/using-crowdsec/firewall/). - -### 4. **Test and Verify** - - Simulate traffic from a blocked IP to verify that the firewall correctly applies the rules. - - Review logs to ensure legitimate traffic isn’t inadvertently blocked. - -### 5. **Automate and Maintain** - - Schedule periodic updates for the blocklist (e.g., cron jobs for API pulls). - - Monitor the firewall and CrowdSec logs for performance and effectiveness. - - Refer to [Monitoring Best Practices](https://doc.crowdsec.net/docs/monitoring/overview/). - ---- - -By integrating CrowdSec’s "Blocklist as a Service" into your firewall, you gain access to dynamic, community-powered threat intelligence that keeps your infrastructure secure. For more detailed configuration examples and troubleshooting, explore the [CrowdSec Documentation](https://doc.crowdsec.net/). +[ ] Move u/integrations/ to u/console/blaas_integrations/ + [ ] start with + - Need to create console account + - link of alternative via SAPI From 5d4b61779f83bd6e8e460735c4a709b8090e63c7 Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 11:38:03 +0100 Subject: [PATCH 06/13] fix ids in sidebar unversionned --- crowdsec-docs/sidebarsUnversioned.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js index 226ffc137..0ddac184a 100644 --- a/crowdsec-docs/sidebarsUnversioned.js +++ b/crowdsec-docs/sidebarsUnversioned.js 
@@ -375,18 +375,18 @@ module.exports = { type: "category", link: { type: "doc", - id: "blaas_integrations/intro", + id: "blocklists/blaas_integrations/intro", }, label: "Blocklist as a Service", items: [ - "blaas_integrations/cisco", - "blaas_integrations/checkpoint", - "blaas_integrations/f5", - "blaas_integrations/fortinet", - "blaas_integrations/paloalto", - "blaas_integrations/sophos", - "blaas_integrations/genericfirewall", - "blaas_integrations/remediationcomponent", + "blocklists/blaas_integrations/cisco", + "blocklists/blaas_integrations/checkpoint", + "blocklists/blaas_integrations/f5", + "blocklists/blaas_integrations/fortinet", + "blocklists/blaas_integrations/paloalto", + "blocklists/blaas_integrations/sophos", + "blocklists/blaas_integrations/genericfirewall", + "blocklists/blaas_integrations/remediationcomponent", ], }, ], From bc7e8256d7d145ebab999469e21a78f98601e719 Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 16:47:11 +0100 Subject: [PATCH 07/13] fixed side bar for usecase --- crowdsec-docs/sidebarsUnversioned.js | 6 ++- .../use_cases/blaas_to_firewall.mdx | 39 +++++++++++-------- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js index 0ddac184a..acaef3cba 100644 --- a/crowdsec-docs/sidebarsUnversioned.js +++ b/crowdsec-docs/sidebarsUnversioned.js @@ -460,7 +460,11 @@ module.exports = { type: "category", label: "Use cases", items: [ - "user_guides/use_cases/blaas_to_firewall", + { + type: "doc", + label: "Blocklist to Firewall", + id: "user_guides/use_cases/blaas_to_firewall", + }, ], }, { diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 7b881cfa2..2367a9810 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx 
@@ -5,39 +5,44 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- -| **Difficulty** | 1/5 | -| **CrowdSec Service Setup Time** | 5 minutes | -| **Firewall Configuration Time** | 5~10 minutes | -| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | +| :------------------------------ | :----------- | +| **Difficulty** | 1/5 | +| **CrowdSec Service Setup Time** | 5 minutes | +| **Firewall Configuration Time** | 5~10 minutes | +| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | # Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall -> Use CrowdSec's Blocklist within your firewall without the need to -install the CrowdSec agent. +> Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. -## **TL;DR; Who What How** +## **Steps to follow** For this use case, you will need to: -- Create a Blocklist As A Service endpoint within the CrowdSec Console UI or API +- [Create a **Blocklist As A Service endpoint** within the CrowdSec Console UI or API](/u/blocklists/blaas_integrations/intro) - **Who**: Anybody with a browser - **Skill Level**: Easy - **Time**: 5 minutes *(including account creation)* - **Minium Plan**: free -- Subscribe to the blocklist(s) you want to use +- [**Subscribe** to the blocklist(s) you want to use](u/console/blocklists/subscription) - **Who**: Anybody with a browser - **Skill Level**: Easy - **Time**: < 5 minutes - **Minium Plan**: free -- Make a rule into your firewall that fetches the blocklist from the BLAAS endpoint (basic auth URL) +- Make a **rule into your firewall** that fetches the blocklist from the BLAAS endpoint (basic auth URL) - **Who**: Firewall administrator - **Skill Level**: Easy - **Time**: 5~10 minutes -++ Test that it works and evaluate performance -++ Scale and Automate >> SAPI >> centralize your own blokclists ++ link to other use cases +## Test that it works and evaluate performance 
+Depending on your firewall capabilities you can chose a metered action in your rule OR observe volume of ingress reaching your services before and after using the blocklist. +Note that --------- -[ ] Move u/integrations/ to u/console/blaas_integrations/ - [ ] start with - - Need to create console account - - link of alternative via SAPI +# Next step: Scale and Automate +You can use CrowdSec Service API (SAPI) to automate both: +- [**creation of BLaaS endpoints**](/u/service_api/quickstart/integrations#creating-integration) +- And [**blocklist subscriptions**](/u/service_api/quickstart/blocklists#subscribe-to-a-blocklist) + +You can also look into [**creating**](/u/service_api/quickstart/blocklists#create-a-blocklist) and Sharing your own blocklists via SAPI. +Check out our [swagger for SAPI ↗️](https://admin.api.crowdsec.net/v1/docs#/) + +*(usecase coming soon)* \ No newline at end of file From dc0a20a90d7626eb95ef3f80103c260a44c5730b Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 17:02:34 +0100 Subject: [PATCH 08/13] fixing table --- .../unversioned/user_guides/use_cases/blaas_to_firewall.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 2367a9810..ea64b356a 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -5,6 +5,7 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- +| Use Case Hints | | | :------------------------------ | :----------- | | **Difficulty** | 1/5 | | **CrowdSec Service Setup Time** | 5 minutes | From 707a0e05ac542a5863427b210c3d2ad97b4e3bd6 Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 17:33:09 +0100 Subject: [PATCH 09/13] changed table format --- .../use_cases/blaas_to_firewall.mdx | 28 +++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) 
diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index ea64b356a..c37cca560 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -5,17 +5,29 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- -| Use Case Hints | | -| :------------------------------ | :----------- | -| **Difficulty** | 1/5 | -| **CrowdSec Service Setup Time** | 5 minutes | -| **Firewall Configuration Time** | 5~10 minutes | -| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | - -# Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall +# Integrating CrowdSec Blocklists Directly Into Your Firewall > Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. + + + + + + + + + + + + + + + + + +
Difficulty1/5
CrowdSec Service Setup Time5 minutes
Firewall Configuration Time5~10 minutes
Involved ResourcesCrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall
+ ## **Steps to follow** For this use case, you will need to: - [Create a **Blocklist As A Service endpoint** within the CrowdSec Console UI or API](/u/blocklists/blaas_integrations/intro) From 910494cd3707f509a29c5c6ffd4c8f3d99da9355 Mon Sep 17 00:00:00 2001 From: jdv Date: Wed, 18 Dec 2024 09:03:45 +0100 Subject: [PATCH 10/13] trying jsx styling --- .../use_cases/blaas_to_firewall.mdx | 34 ++++++++++++------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index c37cca560..9aef03fa2 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -9,23 +9,31 @@ tags: [blaas,firewall,usecase] > Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. - - - - +
Difficulty1/5
+ + + + - - - + + + + + - - - + + + - - - + + + + + + + +
Use Case Hints
CrowdSec Service Setup Time5 minutes
Difficulty1/5
Firewall Configuration Time5~10 minutes
CrowdSec Service Setup Time5 minutes
Involved ResourcesCrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall
Firewall Configuration Time5~10 minutes
Involved ResourcesCrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall
## **Steps to follow** From 2cbf5927246d73a27a9395cafaf8de735b6a8eb2 Mon Sep 17 00:00:00 2001 From: jdv Date: Wed, 18 Dec 2024 09:21:06 +0100 Subject: [PATCH 11/13] slight changes --- .../use_cases/blaas_to_firewall.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 9aef03fa2..578bf58cc 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -9,13 +9,8 @@ tags: [blaas,firewall,usecase] > Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. +
- - - - - - @@ -35,6 +30,7 @@ tags: [blaas,firewall,usecase]
Use Case Hints
Difficulty
+
## **Steps to follow** For this use case, you will need to: @@ -54,14 +50,18 @@ For this use case, you will need to: - **Time**: 5~10 minutes ## Test that it works and evaluate performance +1. Check that the end point is providing the blocklist you subscribed to at the format you chose by running a `curl` command: +``` +curl -u : +``` +2. Check that the blocklist is being fetched by your firewall by observing the logs or metrics of your firewall. Depending on your firewall capabilities you can chose a metered action in your rule OR observe volume of ingress reaching your services before and after using the blocklist. Note that - -# Next step: Scale and Automate +## Next step - Scale and Automate You can use CrowdSec Service API (SAPI) to automate both: -- [**creation of BLaaS endpoints**](/u/service_api/quickstart/integrations#creating-integration) -- And [**blocklist subscriptions**](/u/service_api/quickstart/blocklists#subscribe-to-a-blocklist) +- [**Creation of BLaaS endpoints**](/u/service_api/quickstart/integrations#creating-integration) +- And [**Blocklist subscriptions**](/u/service_api/quickstart/blocklists#subscribe-to-a-blocklist) You can also look into [**creating**](/u/service_api/quickstart/blocklists#create-a-blocklist) and Sharing your own blocklists via SAPI. Check out our [swagger for SAPI ↗️](https://admin.api.crowdsec.net/v1/docs#/) From 48c71299bb1c40eece3b854b09eaa35eec05f46a Mon Sep 17 00:00:00 2001 From: jdv Date: Mon, 6 Jan 2025 09:55:10 +0100 Subject: [PATCH 12/13] + --- .../unversioned/user_guides/use_cases/blaas_to_firewall.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 578bf58cc..2110ba845 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx 
@@ -8,6 +8,8 @@ tags: [blaas,firewall,usecase] # Integrating CrowdSec Blocklists Directly Into Your Firewall > Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. +> // Preemptive security greatly reducing mass attacks and saving resources at the same time. +// or Turn your FW in preemptive mode with CS blocklist to block malicious ips before they reach you and reduce drastically the volume of alars for your soc
@@ -39,7 +41,7 @@ For this use case, you will need to: - **Skill Level**: Easy - **Time**: 5 minutes *(including account creation)* - **Minium Plan**: free -- [**Subscribe** to the blocklist(s) you want to use](u/console/blocklists/subscription) +- [**Subscribe** to the blocklist(s) you want to use](/u/console/blocklists/subscription) - **Who**: Anybody with a browser - **Skill Level**: Easy - **Time**: < 5 minutes @@ -56,7 +58,7 @@ curl -u : ``` 2. Check that the blocklist is being fetched by your firewall by observing the logs or metrics of your firewall. Depending on your firewall capabilities you can chose a metered action in your rule OR observe volume of ingress reaching your services before and after using the blocklist. -Note that + ## Next step - Scale and Automate You can use CrowdSec Service API (SAPI) to automate both: From d630d5c6bd2abd076f1a1cb8cc48078f16e750bc Mon Sep 17 00:00:00 2001 From: jdv Date: Mon, 13 Jan 2025 17:30:03 +0100 Subject: [PATCH 13/13] fixed link to integ intro from getting started --- crowdsec-docs/unversioned/blocklists/getting_started.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crowdsec-docs/unversioned/blocklists/getting_started.mdx b/crowdsec-docs/unversioned/blocklists/getting_started.mdx index d3ca88e79..38d1377fc 100644 --- a/crowdsec-docs/unversioned/blocklists/getting_started.mdx +++ b/crowdsec-docs/unversioned/blocklists/getting_started.mdx @@ -28,7 +28,7 @@ If you want to use blocklists without installing the CrowdSec Security Engine yo title="Integrations" description="A seemless way to integrate CrowdSec blocklists into your existing firewall, CDN, or other security solutions." image="Hero Blocklists.png" - link="/u/blocklists/integrations/intro" + link="/u/blocklists/blaas_integrations/intro" />
If you're new to CrowdSec, and want to use blocklists we recommend starting with the [Integrations guide](integrations/intro.mdx), however, if you are unsure where to start, feel free to browse our [main website for more information](https://www.crowdsec.net/).
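Review bot: In PATCH 11/13, in the hunk that fills in "Test that it works and evaluate performance", the fenced command reads `curl -u :` with no username, password or endpoint URL, so step 1 cannot be run as written. Add explicit placeholders for the integration's basic-auth credentials and the endpoint URL. Consider showing `curl -u <username>` (curl then prompts for the password) or `--netrc-file`, so the secret does not end up in shell history or the process list. The same hunk adds a dangling "Note that" line with no continuation, and the step text should read "endpoint", "in the format you chose" and "you can choose" instead of "end point", "at the format you chose" and "you can chose".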
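Review bot: In PATCH 12/13, first hunk, the two added lines that start with `//` under the blockquote are draft tagline alternatives, and `//` is not a comment in MDX, so both will render on the published page (the first one inside the blockquote). Pick one tagline, or park the drafts in an MDX comment `{/* ... */}` until the wording is settled. If the second line stays, fix "alars" and spell out FW, CS and SOC for readers who land on this page first.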
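Review bot: In PATCH 13/13, the paragraph in the trailing context still links `[Integrations guide](integrations/intro.mdx)` while the card just above it is moved to `/u/blocklists/blaas_integrations/intro`. If the directory was renamed to `blaas_integrations`, that relative link needs the same fix in this commit, otherwise the page keeps one stale link to the same target. The card `description` in this hunk also has "seemless" for "seamless".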