Jdv usecase blaas to firewall

crowdsec-docs/docs/concepts.md

@@ -40,7 +40,7 @@ The Local API (abreviated as `LAPI`) has several functions:
 > The Remediation Components (also called `Bouncers`) are external components in charge of enforcing decisions.
 
 Remediation Components rely on the Local API to receive decisions about malevolent IPs to be blocked *(or other supported types or remediations such as Captcha, supported by some of our Bouncers).*    
-*Note that they also support [CrowdSec's Blocklist as a Service](/u/integrations/intro).*
+*Note that they also support [CrowdSec's Blocklist as a Service](/u/blocklists/blaas_integrations/intro).*
 
 Those Decisions can be based on behavioral detection made by the `LP` or from Blocklists.
 

crowdsec-docs/sidebarsUnversioned.js

@@ -375,18 +375,18 @@ module.exports = {
             type: "category",
             link: {
                 type: "doc",
-                id: "integrations/intro",
+                id: "blocklists/blaas_integrations/intro",
             },
-            label: "Integrations",
+            label: "Blocklist as a Service",
             items: [
-                "integrations/cisco",
-                "integrations/checkpoint",
-                "integrations/f5",
-                "integrations/fortinet",
-                "integrations/paloalto",
-                "integrations/sophos",
-                "integrations/genericfirewall",
-                "integrations/remediationcomponent",
+                "blocklists/blaas_integrations/cisco",
+                "blocklists/blaas_integrations/checkpoint",
+                "blocklists/blaas_integrations/f5",
+                "blocklists/blaas_integrations/fortinet",
+                "blocklists/blaas_integrations/paloalto",
+                "blocklists/blaas_integrations/sophos",
+                "blocklists/blaas_integrations/genericfirewall",
+                "blocklists/blaas_integrations/remediationcomponent",
             ],
         },
     ],
@@ -456,6 +456,17 @@ module.exports = {
     ],
     guidesSideBar: [
         "user_guides/intro",
+        {
+            type: "category",
+            label: "Use cases",
+            items: [
+                {
+                    type: "doc",
+                    label: "Blocklist to Firewall",
+                    id: "user_guides/use_cases/blaas_to_firewall",
+                },
+            ],
+        },
         {
             type: "category",
             label: "Management",

crowdsec-docs/unversioned/integrations/intro.mdx → crowdsec-docs/unversioned/blocklists/blaas_integrations/intro.mdx

@@ -56,7 +56,7 @@ Once you are on the Integrations page you can select the integration you would l
 - [Fortinet](integrations/fortinet.mdx)
 - [Palo Alto](integrations/paloalto.mdx)
 - [Sophos](integrations/sophos.mdx)
-- [Generic Firewall](integrations/genericvendor.mdx)
+- [Generic Firewall (Raw IP-List)](integrations/genericvendor.mdx)
 - [Remediation Component](integrations/remediationcomponent.mdx)
 
 :::info

crowdsec-docs/unversioned/blocklists/getting_started.mdx

@@ -1,29 +1,34 @@
 ---
 id: getting_started
-title: Getting Started
+title: How to use CrowdSec Blocklists
 ---
 
 import ConsolePromo from '@site/src/components/ConsolePromo.js';
 
-There are two ways to get started with Blocklists:
+There are two main paths to integrate CrowdSec blocklists into your infrastructure:
 
-1. **Security Engine** - Use the CrowdSec Security Engine to ingest blocklists
-2. **Integrations** - Use Integrations to ingest blocklists into firewall, CDN, or other security solutions
+1. **Security Engine** - If you already have a CrowdSec Security Engine, you can use it to ingest blocklists
+2. **Integrations** - For a purely SaaS approach, use Integrations to ingest blocklists into firewall, CDN, (...) via our Blockist as a Service Integrations endpoints
 
 Depending on which path you take you can start with the following guides:
 
+# Security Engine Ingestion
+If you already have security engines and remediation components installed in your infrastructure, you can follow the guide bellow.   
+<!-- We'll make those sections a bit more unifor later, maybe even in this current page rather than remote ones made only for this purpose -->
 <ConsolePromo
     title="CrowdSec Security Engine"
     description="The CrowdSec Security Engine is a powerful, open-source software for detecting and blocking malicious IPs, safeguarding both infrastructure and application security."
     image="Hero Security Engine.png"
     link="/u/blocklists/security_engine"
 />
-<br/>
+
+# SaaS Integration
+If you want to use blocklists without installing the CrowdSec Security Engine you can follow the guide bellow.    
 <ConsolePromo
     title="Integrations"
     description="A seemless way to integrate CrowdSec blocklists into your existing firewall, CDN, or other security solutions."
     image="Hero Blocklists.png"
-    link="/u/integrations/intro"
+    link="/u/blocklists/integrations/intro"
 />
 <br/>
 If you're new to CrowdSec, and want to use blocklists we recommend starting with the [Integrations guide](integrations/intro.mdx), however, if you are unsure where to start, feel free to browse our [main website for more information](https://www.crowdsec.net/).

crowdsec-docs/unversioned/blocklists/intro.md

@@ -1,12 +1,16 @@
 ---
 id: intro
-title: Introduction
+title: CrowdSec Blocklists - Proactively defend your perimeter
 sidebar_position: 2
 ---
 
-## Objective
+CrowdSec's Blocklist regroup IPs and ranges that have been **validated** as performing **malicious behaviors** on **exposed endpoints**.   
+Those blocklists are kept up to date and are currated to ensure they don't contain false positives.   
+Their are meant to be directly actionable to protect your perimeter from thousands of known attackers.   
+The unique nature of CrowdSec's network, by its diversity and size brings unmatched exclusivity and quality.   
 
-Welcome to the documentation section dedicated to CrowdSec's Blocklists. This section will outline what Blocklists are, how they work, and how you can use them to protect your systems.
+
+This section will help you understand the nature of our different blocklists, how they work, and how you can use them to protect your systems.
 
 ## What are CrowdSec Blocklists?
 

crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx

@@ -0,0 +1,69 @@
+---
+id: blaas_to_firewall
+title: Use our blocklist directly in your firewall
+sidebar_position: 10
+tags: [blaas,firewall,usecase]
+---
+
+# Integrating CrowdSec Blocklists Directly Into Your Firewall
+
+> Use CrowdSec's Blocklist within your firewall without the need to install the CrowdSec agent.
+
+<center>
+<table style={{ fontSize: '0.5em', borderCollapse: 'collapse', width: '100%' }}>
+  <tbody>
+    <tr style={{ backgroundColor: 'rgba(0, 0, 0, 0.05)' }}>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}><strong>Difficulty</strong></td>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}>1/5</td>
+    </tr>
+    <tr style={{ backgroundColor: 'transparent' }}>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}><strong>CrowdSec Service Setup Time</strong></td>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}>5 minutes</td>
+    </tr>
+    <tr style={{ backgroundColor: 'rgba(0, 0, 0, 0.05)' }}>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}><strong>Firewall Configuration Time</strong></td>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}>5~10 minutes</td>
+    </tr>
+    <tr style={{ backgroundColor: 'transparent' }}>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}><strong>Involved Resources</strong></td>
+      <td style={{ padding: '8px', borderBottom: '1px solid #ddd' }}>CrowdSec BLaaS Integration, CrowdSec Blocklists, User's Firewall</td>
+    </tr>
+  </tbody>
+</table>
+</center>
+
+## **Steps to follow**
+For this use case, you will need to:
+- [Create a **Blocklist As A Service endpoint** within the CrowdSec Console UI or API](/u/blocklists/blaas_integrations/intro)
+   - **Who**: Anybody with a browser
+   - **Skill Level**: Easy
+   - **Time**: 5 minutes *(including account creation)*
+   - **Minium Plan**: free
+- [**Subscribe** to the blocklist(s) you want to use](u/console/blocklists/subscription)
+   - **Who**: Anybody with a browser
+   - **Skill Level**: Easy
+   - **Time**: < 5 minutes
+   - **Minium Plan**: free
+- Make a **rule into your firewall** that fetches the blocklist from the BLAAS endpoint (basic auth URL)
+   - **Who**: Firewall administrator
+   - **Skill Level**: Easy
+   - **Time**: 5~10 minutes
+
+## Test that it works and evaluate performance
+1. Check that the end point is providing the blocklist you subscribed to at the format you chose by running a `curl` command:
+```
+curl -u <user>:<password> <url of the endpoint>
+```
+2. Check that the blocklist is being fetched by your firewall by observing the logs or metrics of your firewall.
+Depending on your firewall capabilities you can chose a metered action in your rule OR observe volume of ingress reaching your services before and after using the blocklist.   
+Note that
+
+## Next step - Scale and Automate
+You can use CrowdSec Service API (SAPI) to automate both:
+- [**Creation of BLaaS endpoints**](/u/service_api/quickstart/integrations#creating-integration) 
+- And [**Blocklist subscriptions**](/u/service_api/quickstart/blocklists#subscribe-to-a-blocklist)
+
+You can also look into [**creating**](/u/service_api/quickstart/blocklists#create-a-blocklist) and Sharing your own blocklists via SAPI.   
+Check out our [swagger for SAPI ↗️](https://admin.api.crowdsec.net/v1/docs#/)
+
+*(usecase coming soon)*