From c54ac2cd58a5bebb3637200cd0cdc4cb5c06b34f Mon Sep 17 00:00:00 2001 From: jdv Date: Fri, 29 Nov 2024 16:03:08 +0100 Subject: [PATCH 01/11] init commit test extra meta --- .../user_guides/use_cases/blaas_to_firewall.mdx | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx new file mode 100644 index 00000000..f5952dc9 --- /dev/null +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -0,0 +1,12 @@ +--- +id: blaas_to_firewall +title: Use our blocklist directly in your firewall +sidebar_position: 10 +tags: [blaas,firewall,usecase] +--- + + +what we want to achieve, +technicailty score: overall and per section +required skills +estimated time \ No newline at end of file From ee8f15bd1f83d9ad8dd98b067b0b4aaecb378c65 Mon Sep 17 00:00:00 2001 From: jdv Date: Fri, 29 Nov 2024 16:06:43 +0100 Subject: [PATCH 02/11] gtp generated --- .../use_cases/blaas_to_firewall.mdx | 97 ++++++++++++++++++- 1 file changed, 94 insertions(+), 3 deletions(-) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index f5952dc9..b10f528a 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx 
@@ -5,8 +5,99 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- - -what we want to achieve, +/* what we want to achieve, technicailty score: overall and per section required skills -estimated time \ No newline at end of file +estimated time +*/ + +# **Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall** + +## **What We Want to Achieve** +Enhance your firewall’s protection by integrating CrowdSec’s **"Blocklist as a Service" (BLaaS)** feature. This service provides a dynamically updated list of malicious IPs and ranges from selected blocklists, hosted on an endpoint with basic authentication. By leveraging this integration, your firewall will proactively block known malicious actors, reducing attack surface and risk. + +--- + +## **Prerequisites** +Before starting, ensure you meet the following requirements: + +1. **Firewall Capabilities**: + - Your firewall supports creating rules from an IP or CIDR list hosted on a given endpoint. + - The list must be accessible via **basic authentication**. + +2. **BLaaS Integration**: + - You have a valid CrowdSec BLaaS configuration, exposing the merged blocklist endpoint. + - Ensure the blocklists attached to this integration match your security policies. + - Documentation: [Configuring BLaaS](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). + +3. **Access and Credentials**: + - Verify access to the BLaaS endpoint with provided basic auth credentials. + +4. **Network and API Access**: + - The firewall can access external endpoints over the internet or a designated network. + +5. **Testing Environment**: + - Ensure a testing setup is available to validate the integration before deploying it in production. 
+ +--- + +## **Technicality Score** +- **Overall**: 🟠 Moderate (requires firewall configuration and API usage) +- **Section Breakdown**: + - **Firewall Compatibility Check**: 🟢 Easy + - **Retrieving Blocklists via BLaaS**: 🟡 Moderate + - **Configuring the Firewall**: 🟠 Moderate to Complex (depends on the firewall) + - **Testing & Maintenance**: 🟢 Easy to Moderate + +--- + +## **Required Skills** +- Basic understanding of networking and firewalls. +- Familiarity with basic authentication and endpoint configurations. +- Experience with REST APIs or CLI tools is helpful but not mandatory. + +--- + +## **Estimated Time** +- **Compatibility Check**: 15 minutes +- **BLaaS Setup Validation**: 15–30 minutes +- **Firewall Configuration**: 1–2 hours +- **Testing and Fine-Tuning**: 30–60 minutes +**Total Time**: ~2.5–4 hours + +--- + +## **Steps to Achieve This Goal** + +### 1. **Check Firewall Compatibility** + - Verify that your firewall can: + - Fetch and process an external list of IPs or CIDRs. + - Authenticate to endpoints using basic authentication. + - Refer to your firewall's documentation or CrowdSec’s [Supported Firewalls Guide](https://doc.crowdsec.net/docs/firewalls/overview/). + +### 2. **Validate Your BLaaS Configuration** + - Ensure your BLaaS endpoint is configured and accessible. + - Use the credentials to test access via tools like `curl` or Postman: + ```bash + curl -u username:password https://your-blaas-endpoint/blocklist + ``` + - Confirm the endpoint returns a properly formatted list of IPs and ranges. + - Documentation: [BLaaS Overview](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). + +### 3. **Integrate Blocklists Into Your Firewall** + - Configure your firewall to fetch the list at regular intervals. + - Apply rules to enforce blocking based on the retrieved IPs and CIDRs. 
+ - Example configurations for common firewalls are available in the [Firewall Integration Guide](https://doc.crowdsec.net/docs/using-crowdsec/firewall/). + +### 4. **Test and Verify** + - Simulate traffic from a blocked IP to verify that the firewall correctly applies the rules. + - Review logs to ensure legitimate traffic isn’t inadvertently blocked. + +### 5. **Automate and Maintain** + - Schedule periodic updates for the blocklist (e.g., cron jobs for API pulls). + - Monitor the firewall and CrowdSec logs for performance and effectiveness. + - Refer to [Monitoring Best Practices](https://doc.crowdsec.net/docs/monitoring/overview/). + +--- + +By integrating CrowdSec’s "Blocklist as a Service" into your firewall, you gain access to dynamic, community-powered threat intelligence that keeps your infrastructure secure. For more detailed configuration examples and troubleshooting, explore the [CrowdSec Documentation](https://doc.crowdsec.net/). From 3570d3d95b0b0df3f16b43aada8540852c71685a Mon Sep 17 00:00:00 2001 From: jdv Date: Mon, 2 Dec 2024 10:34:00 +0100 Subject: [PATCH 03/11] + --- .../user_guides/use_cases/blaas_to_firewall.mdx | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index b10f528a..2aa54b6b 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx 
@@ -5,12 +5,26 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- +| **Difficulty** | 1/5 | +| **CrowdSec Service Setup Time** | 5 minutes | +| **Firewall Configuration Time** | 5~10 minutes | +| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | + +# Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall + + + /* what we want to achieve, technicailty score: overall and per section required skills estimated time */ + + + +//////////// GPT generated + # **Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall** ## **What We Want to Achieve** From be5174b3b11d1d07180a9886c73ab7e295e4b925 Mon Sep 17 00:00:00 2001 
From: jdv Date: Thu, 12 Dec 2024 09:35:02 +0100 Subject: [PATCH 04/11] nuking the Blocklist doc --- crowdsec-docs/docs/concepts.md | 2 +- crowdsec-docs/sidebarsUnversioned.js | 27 ++++++++++------ .../blaas_integrations}/checkpoint.mdx | 0 .../blaas_integrations}/cisco.mdx | 0 .../blaas_integrations}/f5.mdx | 0 .../blaas_integrations}/fortinet.mdx | 0 .../blaas_integrations}/genericvendor.mdx | 0 .../blaas_integrations}/intro.mdx | 2 +- .../blaas_integrations}/paloalto.mdx | 0 .../remediationcomponent.mdx | 0 .../blaas_integrations}/sophos.mdx | 0 .../blocklists/getting_started.mdx | 2 +- .../use_cases/blaas_to_firewall.mdx | 31 +++++++++++++------ 13 files changed, 42 insertions(+), 22 deletions(-) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/checkpoint.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/cisco.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/f5.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/fortinet.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/genericvendor.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/intro.mdx (97%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/paloalto.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/remediationcomponent.mdx (100%) rename crowdsec-docs/unversioned/{integrations => blocklists/blaas_integrations}/sophos.mdx (100%) diff --git a/crowdsec-docs/docs/concepts.md b/crowdsec-docs/docs/concepts.md index c2c26af1..e6b9ed06 100644 --- a/crowdsec-docs/docs/concepts.md +++ b/crowdsec-docs/docs/concepts.md 
@@ -40,7 +40,7 @@ The Local API (abreviated as `LAPI`) has several functions: > The Remediation Components (also called `Bouncers`) are external components in charge of enforcing decisions. Remediation Components rely on the Local API to receive decisions about malevolent IPs to be blocked *(or other supported types or remediations such as Captcha, supported by some of our Bouncers).* -*Note that they also support [CrowdSec's Blocklist as a Service](/u/integrations/intro).* +*Note that they also support [CrowdSec's Blocklist as a Service](/u/blocklists/blaas_integrations/intro).* Those Decisions can be based on behavioral detection made by the `LP` or from Blocklists. diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js index 7cda202f..226ffc13 100644 --- a/crowdsec-docs/sidebarsUnversioned.js +++ b/crowdsec-docs/sidebarsUnversioned.js @@ -375,18 +375,18 @@ module.exports = { type: "category", link: { type: "doc", - id: "integrations/intro", + id: "blaas_integrations/intro", }, - label: "Integrations", + label: "Blocklist as a Service", items: [ - "integrations/cisco", - "integrations/checkpoint", - "integrations/f5", - "integrations/fortinet", - "integrations/paloalto", - "integrations/sophos", - "integrations/genericfirewall", - "integrations/remediationcomponent", + "blaas_integrations/cisco", + "blaas_integrations/checkpoint", + "blaas_integrations/f5", + "blaas_integrations/fortinet", + "blaas_integrations/paloalto", + "blaas_integrations/sophos", + "blaas_integrations/genericfirewall", + "blaas_integrations/remediationcomponent", ], }, ], @@ -456,6 +456,13 @@ module.exports = { ], guidesSideBar: [ "user_guides/intro", + { + type: "category", + label: "Use cases", + items: [ + "user_guides/use_cases/blaas_to_firewall", + ], + }, { type: "category", label: "Management", 
diff --git a/crowdsec-docs/unversioned/integrations/checkpoint.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/checkpoint.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/checkpoint.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/checkpoint.mdx diff --git a/crowdsec-docs/unversioned/integrations/cisco.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/cisco.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/cisco.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/cisco.mdx diff --git a/crowdsec-docs/unversioned/integrations/f5.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/f5.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/f5.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/f5.mdx diff --git a/crowdsec-docs/unversioned/integrations/fortinet.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/fortinet.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/fortinet.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/fortinet.mdx diff --git a/crowdsec-docs/unversioned/integrations/genericvendor.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/genericvendor.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/genericvendor.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/genericvendor.mdx diff --git a/crowdsec-docs/unversioned/integrations/intro.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/intro.mdx similarity index 97% rename from crowdsec-docs/unversioned/integrations/intro.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/intro.mdx index 5ea0f5bc..81b9667e 100644 --- a/crowdsec-docs/unversioned/integrations/intro.mdx +++ b/crowdsec-docs/unversioned/blocklists/blaas_integrations/intro.mdx 
@@ -56,7 +56,7 @@ Once you are on the Integrations page you can select the integration you would l - [Fortinet](integrations/fortinet.mdx) - [Palo Alto](integrations/paloalto.mdx) - [Sophos](integrations/sophos.mdx) -- [Generic Firewall](integrations/genericvendor.mdx) +- [Generic Firewall (Raw IP-List)](integrations/genericvendor.mdx) - [Remediation Component](integrations/remediationcomponent.mdx) :::info diff --git a/crowdsec-docs/unversioned/integrations/paloalto.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/paloalto.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/paloalto.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/paloalto.mdx diff --git a/crowdsec-docs/unversioned/integrations/remediationcomponent.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/remediationcomponent.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/remediationcomponent.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/remediationcomponent.mdx diff --git a/crowdsec-docs/unversioned/integrations/sophos.mdx b/crowdsec-docs/unversioned/blocklists/blaas_integrations/sophos.mdx similarity index 100% rename from crowdsec-docs/unversioned/integrations/sophos.mdx rename to crowdsec-docs/unversioned/blocklists/blaas_integrations/sophos.mdx diff --git a/crowdsec-docs/unversioned/blocklists/getting_started.mdx b/crowdsec-docs/unversioned/blocklists/getting_started.mdx index 25973194..6de9ffa0 100644 --- a/crowdsec-docs/unversioned/blocklists/getting_started.mdx +++ b/crowdsec-docs/unversioned/blocklists/getting_started.mdx @@ -23,7 +23,7 @@ Depending on which path you take you can start with the following guides: title="Integrations" description="A seemless way to integrate CrowdSec blocklists into your existing firewall, CDN, or other security solutions." image="Hero Blocklists.png" - link="/u/integrations/intro" + link="/u/blocklists/integrations/intro" />
If you're new to CrowdSec, and want to use blocklists we recommend starting with the [Integrations guide](integrations/intro.mdx), however, if you are unsure where to start, feel free to browse our [main website for more information](https://www.crowdsec.net/). diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 2aa54b6b..a005c3cc 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -12,15 +12,28 @@ tags: [blaas,firewall,usecase] # Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall - - -/* what we want to achieve, -technicailty score: overall and per section -required skills -estimated time -*/ - - +> Use CrowdSec's Blocklist within your firewall without the need to +install the CrowdSec agent. + +## **TL;DR; Who What How** +For this use case, you will need to: +- Create a Blocklist As A Service endpoint within the CrowdSec Console UI or API + - **Who**: Anybody with a browser + - **Skill Level**: Easy + - **Time**: 5 minutes *(including account creation)* + - **Minium Plan**: free +- Subscribe to the blocklist(s) you want to use + - **Who**: Anybody with a browser + - **Skill Level**: Easy + - **Time**: < 5 minutes + - **Minium Plan**: free +- Make a rule into your firewall that fetches the blocklist from the BLAAS endpoint (basic auth URL) + - **Who**: Firewall administrator + - **Skill Level**: Easy + - **Time**: 5~10 minutes + +++ Test that it works and evaluate performance +++ Scale and Automate >> SAPI >> centralize your own blokclists ++ link to other use cases //////////// GPT generated From a31a3d0d1d1bdfcbeb4a5cb2ce7e7854ccaf7225 Mon Sep 17 00:00:00 2001 
From: jdv Date: Mon, 16 Dec 2024 18:08:35 +0100 Subject: [PATCH 05/11] chamboulement --- .../blocklists/getting_started.mdx | 15 ++- crowdsec-docs/unversioned/blocklists/intro.md | 10 +- .../use_cases/blaas_to_firewall.mdx | 97 +------------------ 3 files changed, 22 insertions(+), 100 deletions(-) diff --git a/crowdsec-docs/unversioned/blocklists/getting_started.mdx b/crowdsec-docs/unversioned/blocklists/getting_started.mdx index 6de9ffa0..d3ca88e7 100644 --- a/crowdsec-docs/unversioned/blocklists/getting_started.mdx +++ b/crowdsec-docs/unversioned/blocklists/getting_started.mdx @@ -1,24 +1,29 @@ --- id: getting_started -title: Getting Started +title: How to use CrowdSec Blocklists --- import ConsolePromo from '@site/src/components/ConsolePromo.js'; -There are two ways to get started with Blocklists: +There are two main paths to integrate CrowdSec blocklists into your infrastructure: -1. **Security Engine** - Use the CrowdSec Security Engine to ingest blocklists -2. **Integrations** - Use Integrations to ingest blocklists into firewall, CDN, or other security solutions +1. **Security Engine** - If you already have a CrowdSec Security Engine, you can use it to ingest blocklists +2. **Integrations** - For a purely SaaS approach, use Integrations to ingest blocklists into firewall, CDN, (...) via our Blockist as a Service Integrations endpoints Depending on which path you take you can start with the following guides: +# Security Engine Ingestion +If you already have security engines and remediation components installed in your infrastructure, you can follow the guide bellow. + -
+ +# SaaS Integration +If you want to use blocklists without installing the CrowdSec Security Engine you can follow the guide bellow. > SAPI >> centralize your own blokclists ++ link to other use cases +-------- -//////////// GPT generated - -# **Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall** - -## **What We Want to Achieve** -Enhance your firewall’s protection by integrating CrowdSec’s **"Blocklist as a Service" (BLaaS)** feature. This service provides a dynamically updated list of malicious IPs and ranges from selected blocklists, hosted on an endpoint with basic authentication. By leveraging this integration, your firewall will proactively block known malicious actors, reducing attack surface and risk. - ---- - -## **Prerequisites** -Before starting, ensure you meet the following requirements: - -1. **Firewall Capabilities**: - - Your firewall supports creating rules from an IP or CIDR list hosted on a given endpoint. - - The list must be accessible via **basic authentication**. - -2. **BLaaS Integration**: - - You have a valid CrowdSec BLaaS configuration, exposing the merged blocklist endpoint. - - Ensure the blocklists attached to this integration match your security policies. - - Documentation: [Configuring BLaaS](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). - -3. **Access and Credentials**: - - Verify access to the BLaaS endpoint with provided basic auth credentials. - -4. **Network and API Access**: - - The firewall can access external endpoints over the internet or a designated network. - -5. **Testing Environment**: - - Ensure a testing setup is available to validate the integration before deploying it in production. 
- ---- - -## **Technicality Score** -- **Overall**: 🟠 Moderate (requires firewall configuration and API usage) -- **Section Breakdown**: - - **Firewall Compatibility Check**: 🟢 Easy - - **Retrieving Blocklists via BLaaS**: 🟡 Moderate - - **Configuring the Firewall**: 🟠 Moderate to Complex (depends on the firewall) - - **Testing & Maintenance**: 🟢 Easy to Moderate - ---- - -## **Required Skills** -- Basic understanding of networking and firewalls. -- Familiarity with basic authentication and endpoint configurations. -- Experience with REST APIs or CLI tools is helpful but not mandatory. - ---- - -## **Estimated Time** -- **Compatibility Check**: 15 minutes -- **BLaaS Setup Validation**: 15–30 minutes -- **Firewall Configuration**: 1–2 hours -- **Testing and Fine-Tuning**: 30–60 minutes -**Total Time**: ~2.5–4 hours - ---- - -## **Steps to Achieve This Goal** - -### 1. **Check Firewall Compatibility** - - Verify that your firewall can: - - Fetch and process an external list of IPs or CIDRs. - - Authenticate to endpoints using basic authentication. - - Refer to your firewall's documentation or CrowdSec’s [Supported Firewalls Guide](https://doc.crowdsec.net/docs/firewalls/overview/). - -### 2. **Validate Your BLaaS Configuration** - - Ensure your BLaaS endpoint is configured and accessible. - - Use the credentials to test access via tools like `curl` or Postman: - ```bash - curl -u username:password https://your-blaas-endpoint/blocklist - ``` - - Confirm the endpoint returns a properly formatted list of IPs and ranges. - - Documentation: [BLaaS Overview](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas). - -### 3. **Integrate Blocklists Into Your Firewall** - - Configure your firewall to fetch the list at regular intervals. - - Apply rules to enforce blocking based on the retrieved IPs and CIDRs. 
- - Example configurations for common firewalls are available in the [Firewall Integration Guide](https://doc.crowdsec.net/docs/using-crowdsec/firewall/). - -### 4. **Test and Verify** - - Simulate traffic from a blocked IP to verify that the firewall correctly applies the rules. - - Review logs to ensure legitimate traffic isn’t inadvertently blocked. - -### 5. **Automate and Maintain** - - Schedule periodic updates for the blocklist (e.g., cron jobs for API pulls). - - Monitor the firewall and CrowdSec logs for performance and effectiveness. - - Refer to [Monitoring Best Practices](https://doc.crowdsec.net/docs/monitoring/overview/). - ---- - -By integrating CrowdSec’s "Blocklist as a Service" into your firewall, you gain access to dynamic, community-powered threat intelligence that keeps your infrastructure secure. For more detailed configuration examples and troubleshooting, explore the [CrowdSec Documentation](https://doc.crowdsec.net/). +[ ] Move u/integrations/ to u/console/blaas_integrations/ + [ ] start with + - Need to create console account + - link of alternative via SAPI From 20baf99dc20fefa126da1c9bd963740d79b46182 Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 11:38:03 +0100 Subject: [PATCH 06/11] fix ids in sidebar unversionned --- crowdsec-docs/sidebarsUnversioned.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js index 226ffc13..0ddac184 100644 --- a/crowdsec-docs/sidebarsUnversioned.js +++ b/crowdsec-docs/sidebarsUnversioned.js 
@@ -375,18 +375,18 @@ module.exports = { type: "category", link: { type: "doc", - id: "blaas_integrations/intro", + id: "blocklists/blaas_integrations/intro", }, label: "Blocklist as a Service", items: [ - "blaas_integrations/cisco", - "blaas_integrations/checkpoint", - "blaas_integrations/f5", - "blaas_integrations/fortinet", - "blaas_integrations/paloalto", - "blaas_integrations/sophos", - "blaas_integrations/genericfirewall", - "blaas_integrations/remediationcomponent", + "blocklists/blaas_integrations/cisco", + "blocklists/blaas_integrations/checkpoint", + "blocklists/blaas_integrations/f5", + "blocklists/blaas_integrations/fortinet", + "blocklists/blaas_integrations/paloalto", + "blocklists/blaas_integrations/sophos", + "blocklists/blaas_integrations/genericfirewall", + "blocklists/blaas_integrations/remediationcomponent", ], }, ], From c58a66efa5593c6d6869228ce54297bdc3585512 Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 16:47:11 +0100 Subject: [PATCH 07/11] fixed side bar for usecase --- crowdsec-docs/sidebarsUnversioned.js | 6 ++- .../use_cases/blaas_to_firewall.mdx | 39 +++++++++++-------- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js index 0ddac184..acaef3cb 100644 --- a/crowdsec-docs/sidebarsUnversioned.js +++ b/crowdsec-docs/sidebarsUnversioned.js @@ -460,7 +460,11 @@ module.exports = { type: "category", label: "Use cases", items: [ - "user_guides/use_cases/blaas_to_firewall", + { + type: "doc", + label: "Blocklist to Firewall", + id: "user_guides/use_cases/blaas_to_firewall", + }, ], }, { diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 7b881cfa..2367a981 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx 
@@ -5,39 +5,44 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- -| **Difficulty** | 1/5 | -| **CrowdSec Service Setup Time** | 5 minutes | -| **Firewall Configuration Time** | 5~10 minutes | -| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | +| :------------------------------ | :----------- | +| **Difficulty** | 1/5 | +| **CrowdSec Service Setup Time** | 5 minutes | +| **Firewall Configuration Time** | 5~10 minutes | +| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | # Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall -> Use CrowdSec's Blocklist within your firewall without the need to -install the CrowdSec agent. +> Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. -## **TL;DR; Who What How** +## **Steps to follow** For this use case, you will need to: -- Create a Blocklist As A Service endpoint within the CrowdSec Console UI or API +- [Create a **Blocklist As A Service endpoint** within the CrowdSec Console UI or API](/u/blocklists/blaas_integrations/intro) - **Who**: Anybody with a browser - **Skill Level**: Easy - **Time**: 5 minutes *(including account creation)* - **Minium Plan**: free -- Subscribe to the blocklist(s) you want to use +- [**Subscribe** to the blocklist(s) you want to use](u/console/blocklists/subscription) - **Who**: Anybody with a browser - **Skill Level**: Easy - **Time**: < 5 minutes - **Minium Plan**: free -- Make a rule into your firewall that fetches the blocklist from the BLAAS endpoint (basic auth URL) +- Make a **rule into your firewall** that fetches the blocklist from the BLAAS endpoint (basic auth URL) - **Who**: Firewall administrator - **Skill Level**: Easy - **Time**: 5~10 minutes -++ Test that it works and evaluate performance -++ Scale and Automate >> SAPI >> centralize your own blokclists ++ link to other use cases +## Test that it works and evaluate performance 
+Depending on your firewall capabilities you can chose a metered action in your rule OR observe volume of ingress reaching your services before and after using the blocklist. +Note that --------- -[ ] Move u/integrations/ to u/console/blaas_integrations/ - [ ] start with - - Need to create console account - - link of alternative via SAPI +# Next step: Scale and Automate +You can use CrowdSec Service API (SAPI) to automate both: +- [**creation of BLaaS endpoints**](/u/service_api/quickstart/integrations#creating-integration) +- And [**blocklist subscriptions**](/u/service_api/quickstart/blocklists#subscribe-to-a-blocklist) + +You can also look into [**creating**](/u/service_api/quickstart/blocklists#create-a-blocklist) and Sharing your own blocklists via SAPI. +Check out our [swagger for SAPI ↗️](https://admin.api.crowdsec.net/v1/docs#/) + +*(usecase coming soon)* \ No newline at end of file From cda7ff4ff01d769e18364645ae94c719aa3564f3 Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 17:02:34 +0100 Subject: [PATCH 08/11] fixing table --- .../unversioned/user_guides/use_cases/blaas_to_firewall.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 2367a981..ea64b356 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -5,6 +5,7 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- +| Use Case Hints | | | :------------------------------ | :----------- | | **Difficulty** | 1/5 | | **CrowdSec Service Setup Time** | 5 minutes | From ef82783b619f2af10669de0c202d3b0d8fbc6d45 Mon Sep 17 00:00:00 2001 From: jdv Date: Tue, 17 Dec 2024 17:33:09 +0100 Subject: [PATCH 09/11] changed table format --- .../use_cases/blaas_to_firewall.mdx | 28 +++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) 
diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index ea64b356..c37cca56 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -5,17 +5,29 @@ sidebar_position: 10 tags: [blaas,firewall,usecase] --- -| Use Case Hints | | -| :------------------------------ | :----------- | -| **Difficulty** | 1/5 | -| **CrowdSec Service Setup Time** | 5 minutes | -| **Firewall Configuration Time** | 5~10 minutes | -| **Involved Resources** | CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall | - -# Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall +# Integrating CrowdSec Blocklists Directly Into Your Firewall > Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. + + + + + + + + + + + + + + + + + +
Difficulty1/5
CrowdSec Service Setup Time5 minutes
Firewall Configuration Time5~10 minutes
Involved ResourcesCrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall
+ ## **Steps to follow** For this use case, you will need to: - [Create a **Blocklist As A Service endpoint** within the CrowdSec Console UI or API](/u/blocklists/blaas_integrations/intro) From 5aa7a8b251119eb90ff7f9beb6d58719fa0734e0 Mon Sep 17 00:00:00 2001 From: jdv Date: Wed, 18 Dec 2024 09:03:45 +0100 Subject: [PATCH 10/11] trying jsx styling --- .../use_cases/blaas_to_firewall.mdx | 34 ++++++++++++------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index c37cca56..9aef03fa 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -9,23 +9,31 @@ tags: [blaas,firewall,usecase] > Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. - - - - +
Difficulty1/5
+ + + + - - - + + + + + - - - + + + - - - + + + + + + + +
Use Case Hints
CrowdSec Service Setup Time5 minutes
Difficulty1/5
Firewall Configuration Time5~10 minutes
CrowdSec Service Setup Time5 minutes
Involved ResourcesCrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall
Firewall Configuration Time5~10 minutes
Involved ResourcesCrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall
## **Steps to follow** From b3897d28b48e12d8c2f201696220faa177ad8bce Mon Sep 17 00:00:00 2001 From: jdv Date: Wed, 18 Dec 2024 09:21:06 +0100 Subject: [PATCH 11/11] slight changes --- .../use_cases/blaas_to_firewall.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx index 9aef03fa..578bf58c 100644 --- a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx +++ b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx @@ -9,13 +9,8 @@ tags: [blaas,firewall,usecase] > Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent. +
- - - - - - @@ -35,6 +30,7 @@ tags: [blaas,firewall,usecase]
Use Case Hints
Difficulty
+
## **Steps to follow** For this use case, you will need to: @@ -54,14 +50,18 @@ For this use case, you will need to: - **Time**: 5~10 minutes ## Test that it works and evaluate performance +1. Check that the end point is providing the blocklist you subscribed to at the format you chose by running a `curl` command: +``` +curl -u : +``` +2. Check that the blocklist is being fetched by your firewall by observing the logs or metrics of your firewall. Depending on your firewall capabilities you can chose a metered action in your rule OR observe volume of ingress reaching your services before and after using the blocklist. Note that - -# Next step: Scale and Automate +## Next step - Scale and Automate You can use CrowdSec Service API (SAPI) to automate both: -- [**creation of BLaaS endpoints**](/u/service_api/quickstart/integrations#creating-integration) -- And [**blocklist subscriptions**](/u/service_api/quickstart/blocklists#subscribe-to-a-blocklist) +- [**Creation of BLaaS endpoints**](/u/service_api/quickstart/integrations#creating-integration) +- And [**Blocklist subscriptions**](/u/service_api/quickstart/blocklists#subscribe-to-a-blocklist) You can also look into [**creating**](/u/service_api/quickstart/blocklists#create-a-blocklist) and Sharing your own blocklists via SAPI. Check out our [swagger for SAPI ↗️](https://admin.api.crowdsec.net/v1/docs#/)
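Review bot: In PATCH 02/11, step 2 of "Validate Your BLaaS Configuration" tells the reader to run `curl -u username:password https://your-blaas-endpoint/blocklist`, which leaves the basic-auth secret in shell history and in the process list. Suggest `curl -u username` (curl then prompts for the password) or `--netrc-file`. The commit subject says this block is generated, so the doc.crowdsec.net links it adds should each be checked to resolve before merge.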
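Review bot: In PATCH 03/11, the four `| **Difficulty** | 1/5 |` style rows are added with no header row and no delimiter row, so they will not render as a table. The same hunk adds `//////////// GPT generated` and keeps the bare `/* ... */` block, both of which MDX prints as literal text. Use `{/* ... */}` for comments, or drop the scaffolding. PATCH 05, 07 and 08 later clean this up, so squashing would keep every commit in the series renderable.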
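Review bot: In PATCH 04/11, the `sidebarsUnversioned.js` hunk at `@@ -375,18` sets the ids to `blaas_integrations/...`, but the same commit moves the files to `unversioned/blocklists/blaas_integrations/`, so the ids are missing the `blocklists/` prefix until PATCH 06/11 adds it. Fold PATCH 06 into this commit. The item `blaas_integrations/genericfirewall` also does not match the renamed file `genericvendor.mdx`. Please confirm the document id in that file's front matter.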
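Review bot: In PATCH 04/11, the `intro.mdx` hunk only relabels the Generic Firewall entry. Every entry in that list still links to `integrations/*.mdx` although the file now lives in `blocklists/blaas_integrations/`. Update the relative links in the same commit so the move does not leave them pointing at the old directory.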
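Review bot: In PATCH 04/11, the `getting_started.mdx` hunk changes the card link to `/u/blocklists/integrations/intro`, while the `concepts.md` hunk in the same commit uses `/u/blocklists/blaas_integrations/intro`. One of the two is wrong. Going by the rename list it should be the `blaas_integrations` form. The unchanged line below it, `[Integrations guide](integrations/intro.mdx)`, still uses the old relative path as well.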
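Review bot: In PATCH 05/11, the `getting_started.mdx` hunk adds `# Security Engine Ingestion` and `# SaaS Integration` as level-1 headings on a page that already has a front-matter title. Use `##` so the page keeps a single H1. Typos in the added lines: "bellow" (twice) should be "below", and "Blockist as a Service" should be "Blocklist as a Service".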
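Review bot: In PATCH 07/11, the subscribe link in the `blaas_to_firewall.mdx` hunk is written `(u/console/blocklists/subscription)` with no leading slash, unlike the `/u/...` links around it, so it resolves relative to the current page. The hunk also adds a line that reads only "Note that", an unfinished sentence. Complete it or remove it. Smaller points: "Minium Plan" should be "Minimum Plan", "you can chose" should be "you can choose", and the file still ends without a trailing newline.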
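Review bot: In PATCH 11/11, the dangling "Note that" line survives as context under the new test steps and should be completed or removed before merge. In the added step 1, "end point" should be "endpoint" and "at the format you chose" should be "in the format you chose". The code fence for the `curl` command has no language tag; mark it `bash` to match the fence style used in PATCH 02/11.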