chamboulement

jdv · jdv · commit a31a3d0d1d1b · 2024-12-16T18:08:55.000+01:00
diff --git a/crowdsec-docs/unversioned/blocklists/getting_started.mdx b/crowdsec-docs/unversioned/blocklists/getting_started.mdx
@@ -1,24 +1,29 @@
 ---
 id: getting_started
-title: Getting Started
+title: How to use CrowdSec Blocklists
 ---
 
 import ConsolePromo from '@site/src/components/ConsolePromo.js';
 
-There are two ways to get started with Blocklists:
+There are two main paths to integrate CrowdSec blocklists into your infrastructure:
 
-1. **Security Engine** - Use the CrowdSec Security Engine to ingest blocklists
-2. **Integrations** - Use Integrations to ingest blocklists into firewall, CDN, or other security solutions
+1. **Security Engine** - If you already have a CrowdSec Security Engine, you can use it to ingest blocklists
+2. **Integrations** - For a purely SaaS approach, use Integrations to ingest blocklists into firewall, CDN, (...) via our Blockist as a Service Integrations endpoints
 
 Depending on which path you take you can start with the following guides:
 
+# Security Engine Ingestion
+If you already have security engines and remediation components installed in your infrastructure, you can follow the guide bellow.   
+<!-- We'll make those sections a bit more unifor later, maybe even in this current page rather than remote ones made only for this purpose -->
 <ConsolePromo
     title="CrowdSec Security Engine"
     description="The CrowdSec Security Engine is a powerful, open-source software for detecting and blocking malicious IPs, safeguarding both infrastructure and application security."
     image="Hero Security Engine.png"
     link="/u/blocklists/security_engine"
 />
-<br/>
+
+# SaaS Integration
+If you want to use blocklists without installing the CrowdSec Security Engine you can follow the guide bellow.    
 <ConsolePromo
     title="Integrations"
     description="A seemless way to integrate CrowdSec blocklists into your existing firewall, CDN, or other security solutions."
diff --git a/crowdsec-docs/unversioned/blocklists/intro.md b/crowdsec-docs/unversioned/blocklists/intro.md
@@ -1,12 +1,16 @@
 ---
 id: intro
-title: Introduction
+title: CrowdSec Blocklists - Proactively defend your perimeter
 sidebar_position: 2
 ---
 
-## Objective
+CrowdSec's Blocklist regroup IPs and ranges that have been **validated** as performing **malicious behaviors** on **exposed endpoints**.   
+Those blocklists are kept up to date and are currated to ensure they don't contain false positives.   
+Their are meant to be directly actionable to protect your perimeter from thousands of known attackers.   
+The unique nature of CrowdSec's network, by its diversity and size brings unmatched exclusivity and quality.   
 
-Welcome to the documentation section dedicated to CrowdSec's Blocklists. This section will outline what Blocklists are, how they work, and how you can use them to protect your systems.
+
+This section will help you understand the nature of our different blocklists, how they work, and how you can use them to protect your systems.
 
 ## What are CrowdSec Blocklists?
 
diff --git a/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx b/crowdsec-docs/unversioned/user_guides/use_cases/blaas_to_firewall.mdx
@@ -35,96 +35,9 @@ For this use case, you will need to:
 ++ Test that it works and evaluate performance
 ++ Scale and Automate >> SAPI >> centralize your own blokclists ++ link to other use cases
 
+--------
 
-//////////// GPT generated
-
-# **Use Case: Integrating CrowdSec Blocklists Directly Into Your Firewall**
-
-## **What We Want to Achieve**
-Enhance your firewall’s protection by integrating CrowdSec’s **"Blocklist as a Service" (BLaaS)** feature. This service provides a dynamically updated list of malicious IPs and ranges from selected blocklists, hosted on an endpoint with basic authentication. By leveraging this integration, your firewall will proactively block known malicious actors, reducing attack surface and risk.
-
----
-
-## **Prerequisites**
-Before starting, ensure you meet the following requirements:
-
-1. **Firewall Capabilities**:
-   - Your firewall supports creating rules from an IP or CIDR list hosted on a given endpoint.
-   - The list must be accessible via **basic authentication**.
-
-2. **BLaaS Integration**:
-   - You have a valid CrowdSec BLaaS configuration, exposing the merged blocklist endpoint.
-   - Ensure the blocklists attached to this integration match your security policies.
-   - Documentation: [Configuring BLaaS](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas).
-
-3. **Access and Credentials**:
-   - Verify access to the BLaaS endpoint with provided basic auth credentials.
-
-4. **Network and API Access**:
-   - The firewall can access external endpoints over the internet or a designated network.
-
-5. **Testing Environment**:
-   - Ensure a testing setup is available to validate the integration before deploying it in production.
-
----
-
-## **Technicality Score**
-- **Overall**: 🟠 Moderate (requires firewall configuration and API usage)
-- **Section Breakdown**:
-  - **Firewall Compatibility Check**: 🟢 Easy
-  - **Retrieving Blocklists via BLaaS**: 🟡 Moderate
-  - **Configuring the Firewall**: 🟠 Moderate to Complex (depends on the firewall)
-  - **Testing & Maintenance**: 🟢 Easy to Moderate
-
----
-
-## **Required Skills**
-- Basic understanding of networking and firewalls.
-- Familiarity with basic authentication and endpoint configurations.
-- Experience with REST APIs or CLI tools is helpful but not mandatory.
-
----
-
-## **Estimated Time**
-- **Compatibility Check**: 15 minutes  
-- **BLaaS Setup Validation**: 15–30 minutes  
-- **Firewall Configuration**: 1–2 hours  
-- **Testing and Fine-Tuning**: 30–60 minutes  
-**Total Time**: ~2.5–4 hours  
-
----
-
-## **Steps to Achieve This Goal**
-
-### 1. **Check Firewall Compatibility**
-   - Verify that your firewall can:
-     - Fetch and process an external list of IPs or CIDRs.
-     - Authenticate to endpoints using basic authentication.
-   - Refer to your firewall's documentation or CrowdSec’s [Supported Firewalls Guide](https://doc.crowdsec.net/docs/firewalls/overview/).
-
-### 2. **Validate Your BLaaS Configuration**
-   - Ensure your BLaaS endpoint is configured and accessible.
-   - Use the credentials to test access via tools like `curl` or Postman:
-     ```bash
-     curl -u username:password https://your-blaas-endpoint/blocklist
-     ```
-   - Confirm the endpoint returns a properly formatted list of IPs and ranges.
-   - Documentation: [BLaaS Overview](https://doc.crowdsec.net/docs/using-crowdsec/blocklist/#blocklist-as-a-service-blaas).
-
-### 3. **Integrate Blocklists Into Your Firewall**
-   - Configure your firewall to fetch the list at regular intervals.
-   - Apply rules to enforce blocking based on the retrieved IPs and CIDRs.
-   - Example configurations for common firewalls are available in the [Firewall Integration Guide](https://doc.crowdsec.net/docs/using-crowdsec/firewall/).
-
-### 4. **Test and Verify**
-   - Simulate traffic from a blocked IP to verify that the firewall correctly applies the rules.
-   - Review logs to ensure legitimate traffic isn’t inadvertently blocked.
-
-### 5. **Automate and Maintain**
-   - Schedule periodic updates for the blocklist (e.g., cron jobs for API pulls).
-   - Monitor the firewall and CrowdSec logs for performance and effectiveness.
-   - Refer to [Monitoring Best Practices](https://doc.crowdsec.net/docs/monitoring/overview/).
-
----
-
-By integrating CrowdSec’s "Blocklist as a Service" into your firewall, you gain access to dynamic, community-powered threat intelligence that keeps your infrastructure secure. For more detailed configuration examples and troubleshooting, explore the [CrowdSec Documentation](https://doc.crowdsec.net/).
+[ ] Move u/integrations/ to u/console/blaas_integrations/
+   [ ] start with
+      - Need to create console account
+      - link of alternative via SAPI
