diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js
index 07ef7135c..692873f91 100644
--- a/crowdsec-docs/sidebarsUnversioned.js
+++ b/crowdsec-docs/sidebarsUnversioned.js
@@ -183,6 +183,11 @@ module.exports = {
 label: "Introduction",
 id: "console/cti/intro",
 },
+ {
+ type: "doc",
+ label: "Getting started",
+ id: "console/cti/getting_started",
+ },
 ],
 },
 {
diff --git a/crowdsec-docs/static/img/console/cti/featured_searches.png b/crowdsec-docs/static/img/console/cti/featured_searches.png
new file mode 100644
index 000000000..6430afec9
Binary files /dev/null and b/crowdsec-docs/static/img/console/cti/featured_searches.png differ
diff --git a/crowdsec-docs/static/img/console/cti/searchbar.png b/crowdsec-docs/static/img/console/cti/searchbar.png
new file mode 100644
index 000000000..4bb88c3ae
Binary files /dev/null and b/crowdsec-docs/static/img/console/cti/searchbar.png differ
diff --git a/crowdsec-docs/static/img/console/cti/searchbar_check_ip_button.png b/crowdsec-docs/static/img/console/cti/searchbar_check_ip_button.png
new file mode 100644
index 000000000..520172b5a
Binary files /dev/null and b/crowdsec-docs/static/img/console/cti/searchbar_check_ip_button.png differ
diff --git a/crowdsec-docs/static/img/console/cti/top_ten_ips.png b/crowdsec-docs/static/img/console/cti/top_ten_ips.png
new file mode 100644
index 000000000..1113c7115
Binary files /dev/null and b/crowdsec-docs/static/img/console/cti/top_ten_ips.png differ
diff --git a/crowdsec-docs/unversioned/console/cti/getting_started.md b/crowdsec-docs/unversioned/console/cti/getting_started.md
new file mode 100644
index 000000000..3b4449a8a
--- /dev/null
+++ b/crowdsec-docs/unversioned/console/cti/getting_started.md
@@ -0,0 +1,53 @@
+---
+title: Getting Started
+description: Get started with CrowdSec's Cyber Threat Intelligence (CTI) platform.
+---
+
+Welcome to CrowdSec’s Cyber Threat Intelligence (CTI)! This guide will help you navigate the home page and make the most of its features, from searching for IP details to exploring real-time threat insights. Let’s get started!
+
+> You can access the CTI home page [here](https://app.crowdsec.net/cti).
+
+## What Can You Find on the Home Page?
+
+The CTI home page is designed to give you instant access to valuable threat intelligence. Here’s what you’ll find:
+
+### Search Bar
+
+A powerful search bar at the top of the page allows you to:
+
+- Search for any IP address to see detailed information about its activity, risk level, and geolocation. (Example: `192.168.0.0`)
+- Use Lucene queries for more advanced searches to filter data based on specific criteria, such as threat type or country. _Example queries:_
+ - `reputation:malicious`
+ - `behaviors.label:"HTTP Bruteforce" AND location.country:"FR"`
+
+![CTI Search Bar](/img/console/cti/searchbar.png)
+
+### Check Your Own IP
+
+A dedicated button lets you check the details of your own IP address with one click.
+When clicked, this feature automatically redirects you to your IP detail page.
+
+![Search Check own IP button](/img/console/cti/searchbar_check_ip_button.png)
+
+### Predefined Searches
+
+To save time, the home page offers predefined searches showcasing typical use cases. These searches are built with Lucene queries and allow you to explore. Each predefined query is clickable, leading to a results page where you can further refine or explore the data.
+
+![CTI Featured Searches](/img/console/cti/featured_searches.png)
+
+### Top 10 Most Aggressive IPs
+
+A dynamic leaderboard displays the top 10 most aggressive IPs observed by CrowdSec in the last 24 hours. Each entry includes:
+
+- The IP address.
+- The attack type (e.g., brute force, DDoS).
+- The geographical location of the IP.
+- The IP range
+- The AS
+- The background noise level (More info [here](https://doc.crowdsec.net/u/console/alerts/background_noise))
+
+Clicking on an IP in the list takes you to its detail page, where you can explore its full profile.
+
+![Top 10 IPs](/img/console/cti/top_ten_ips.png)
+
+> Start exploring the CTI home page [here](https://app.crowdsec.net/cti) and discover the latest threat intelligence to protect your infrastructure.
diff --git a/crowdsec-docs/unversioned/console/cti/intro.md b/crowdsec-docs/unversioned/console/cti/intro.md
index 9fb86dbc8..f0aef1506 100644
--- a/crowdsec-docs/unversioned/console/cti/intro.md
+++ b/crowdsec-docs/unversioned/console/cti/intro.md
@@ -1,6 +1,6 @@ --- title: Introduction -description: Introduction to the Alerts section of the CrowdSec Console +description: Introduction to CrowdSec's Cyber Threat Intelligence (CTI) platform. --- **CrowdSec’s Cyber Threat Intelligence (CTI)** is a cutting-edge platform that enhances your cybersecurity defenses through community-driven insights and advanced threat intelligence. This introduction provides an overview of CTI’s purpose, benefits, competitive advantages and including a search page with filters and IP detail pages.