Update SE intro page #649
Update SE intro page #649
Conversation
buixor
commented
Oct 25, 2024
buixor
commented
- Improve the intro page
- Make the schemas simpler and fancier
|
This pull request is automatically being deployed by Amplify Hosting (learn more). |
|
|
||
| CrowdSec is a modular framework, offering a variety of [popular scenarios](https://app.crowdsec.net/hub/collections). Users can choose their protection scenarios and deploy [Remediation Components](https://app.crowdsec.net/hub/bouncers) to block malicious access. | ||
| CrowdSec is a modular framework, offering a variety of [scenarios](https://app.crowdsec.net/hub/collections). Users can choose their protection scenarios and deploy [Remediation Components](https://app.crowdsec.net/hub/bouncers) to block malicious access. |
There was a problem hiding this comment.
This sentence is not very clear.
- Are we using the word framework here ? it's a bit confusing
- We should define that they are behavior or detection scenarios and we could also mention appsec rules ehre
-
- also we're talking about protection later and deploy remediation components (the ppl don't know about that yet, we should ease them into it by talking a higher level discourse here)
=== GPT assisted alternative:
CrowdSec is a modular solution designed to detect and respond to security threats. With a range of behavior-based detection scenarios, including application security (AppSec) rules, users can choose what best fits their protection needs. Additionally, CrowdSec provides tools, known as remediation components, to help block malicious access based on the chosen detection criteria.
== shorter ===
CrowdSec is a modular security tool offering behavior-based detection, including AppSec rules, and optional components to block threats called Remediation Components
|
|
||
| CrowdSec is a modular framework, offering a variety of [popular scenarios](https://app.crowdsec.net/hub/collections). Users can choose their protection scenarios and deploy [Remediation Components](https://app.crowdsec.net/hub/bouncers) to block malicious access. | ||
| CrowdSec is a modular framework, offering a variety of [scenarios](https://app.crowdsec.net/hub/collections). Users can choose their protection scenarios and deploy [Remediation Components](https://app.crowdsec.net/hub/bouncers) to block malicious access. | ||
|
|
||
| The crowd-sourced aspect allows sharing attack information among users, enhancing real-time attack detection and preemptive blocking of known bad actors from your system. |
There was a problem hiding this comment.
That's a bit rough.. you're mentionning "the crowd sourced" aspect like it's been mentioned before. (maybe not your sentence tough)
I'd change it in :
CrowdSec as a collaboration aspect allowing the sharing of attacks they detected and blocked. Participants of this crowd-sourced threat intel receive, automatically via the security engine, a curated list of validated attackers (community blocklist) enhancing their real-time protection capabilities by taking preemptive actions against known threats.
| @@ -26,8 +34,9 @@ The crowd-sourced aspect allows sharing attack information among users, enhancin | |||
| In addition to the core "detect and react" mechanism, CrowdSec is committed to several other key aspects: | |||
|
|
|||
| - **Easy Installation**: Effortless out-of-the-box installation on all [supported platforms](/getting_started/versions_matrix.md). | |||
There was a problem hiding this comment.
we could mention the word package or packaged in there ?
And add mass compatibility
- Mass compatibility: Coded in GOlang, it can run on virtually any system
- Effortless out-of-the-box installation and packaged on many supported platforms.
| @@ -26,8 +34,9 @@ The crowd-sourced aspect allows sharing attack information among users, enhancin | |||
| In addition to the core "detect and react" mechanism, CrowdSec is committed to several other key aspects: | |||
|
|
|||
| - **Easy Installation**: Effortless out-of-the-box installation on all [supported platforms](/getting_started/versions_matrix.md). | |||
| - **Simplified Daily Operations**: Use [cscli](/cscli/cscli.md) and the [hub](http://hub.crowdsec.net) for effortless maintenance and keeping your detection mechanisms up-to-date. | |||
| - **Simplified Daily Operations**: Use the [console](http://app.crowdsec.net) and [cscli](/cscli/cscli.md) for effortless maintenance and keeping your detection mechanisms up-to-date. | |||
There was a problem hiding this comment.
Maybe precise the console is web and I guess cscli is explicit enough but we could give it a good adjective
- Simplified Daily Operations: You have access to our Web UI administration via CrowdSec's console or the powerful Command line tool cscli for effortless maintenance and keeping your detection mechanisms up-to-date.
| Under the hood, the Security Engine has various components: | ||
|
|
||
| - The Log Processor is in charge of detection: it analyzes logs from [various data sources](/docs/data_sources/intro) or [HTTP requests](/appsec/intro.md) from web servers. | ||
| - The [WAF](/appsec/intro.md) feature is part of the Log Processor and filters HTTP Requests from the compatible web servers. |
There was a problem hiding this comment.
Are we calling this small part of the SE the WAF?
I was still on the fact that we can call an install CrowdSec WAF when talking in general but in this sentence case it would be the AppSec capability/processor or something like that:
- An AppSec feature is part of the Log Processor and filters HTTP Requests from the compatible web servers and RPs.
| </div> | ||
| </div> | ||
|
|
||
| Under the hood, the Security Engine has various components: |
There was a problem hiding this comment.
Should we really use components here ?
We use components for things that are external to the SE code/binary
Let's use the word "Functions" or "Functionnal Processes" or something distinct indicating that it's PART of the binary and withing the SE code
|
|
||
| - The Log Processor is in charge of detection: it analyzes logs from [various data sources](/docs/data_sources/intro) or [HTTP requests](/appsec/intro.md) from web servers. | ||
| - The [WAF](/appsec/intro.md) feature is part of the Log Processor and filters HTTP Requests from the compatible web servers. | ||
| - The [Local API](/local_api/intro.md) acts as a middle man between the [Log Processors](/docs/data_sources/intro) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions. |
There was a problem hiding this comment.
That's it ?
don't we mention it's also interracting with CrowdSec network for crowd-sourced aspect and SaaS functions like the CrowdSEc Console
| - The Log Processor is in charge of detection: it analyzes logs from [various data sources](/docs/data_sources/intro) or [HTTP requests](/appsec/intro.md) from web servers. | ||
| - The [WAF](/appsec/intro.md) feature is part of the Log Processor and filters HTTP Requests from the compatible web servers. | ||
| - The [Local API](/local_api/intro.md) acts as a middle man between the [Log Processors](/docs/data_sources/intro) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions. | ||
| - The [Remediation Components](/u/bouncers/intro) - also known as bouncers - are in charge of blocking bad IPs by using the components already available. |
There was a problem hiding this comment.
Let's reasure the reader that we're compatible with HIS components
-Remediation Components, aka bouncers, block malicious IPs at your chosen level—whether via IpTables, firewalls, web servers, or reverse proxies. See the full list on our CrowdSec Hub.
| - The [Local API](/local_api/intro.md) acts as a middle man between the [Log Processors](/docs/data_sources/intro) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions. | ||
| - The [Remediation Components](/u/bouncers/intro) - also known as bouncers - are in charge of blocking bad IPs by using the components already available. | ||
|
|
||
|
|
There was a problem hiding this comment.
add a section here in order to have it appear in the table of contents:
example:
- A setup for everyone
- Security engine setup suggestions
- Choose a fitting architecture
- Next: Choice of Setup
| <div style={{display: 'flex'}}> | ||
| <div style={{textAlign: 'center', flex: '1'}}> | ||
| <img width="800" height="auto" src={useBaseUrl('/img/crowdsec_ecosystem.png')} /> | ||
| <img width="800" height="auto" src={useBaseUrl('/img/simplified_SE_overview.png')} /> |
There was a problem hiding this comment.
- Changer le titre pour pas qu'on ait uniquement "Introduction" genre "Security Engine Overview"
- Et un peu brute de décoffrage de commencer la page sur un schéma sans meme un mini mot d'introduction.
Proposition de phrase avant le schéma:
Here’s a quick overview of our FOSS IDS/IPS, the CrowdSec Security Engine—from core features to its architecture and setup suggestions tailored to your infrastructure.
//then schema
// then we can start eventually with a ### What is the Security Engine
