Merge branch 'main' into detailed_update

crowdsecurity · Nov 18, 2024 · e797d4f · e797d4f
2 parents 4381c18 + 8f24d8b
commit e797d4f
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 11 deletions.
diff --git a/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx b/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx
@@ -115,7 +115,7 @@ sudo systemctl start crowdsec-cloudflare-worker-bouncer # the Remediation Compon
 
 #### From source
 
-:warning: requires go >= 1.20
+:warning: requires go >= 1.23
 
 ```bash
 git clone https://github.com/crowdsecurity/cs-cloudflare-worker-bouncer
@@ -137,7 +137,15 @@ The Remediation Component does the following:
 1. Create a Cloudflare Worker and a Worker KV per configured account.
 2. Create a Worker Route(s) per configured zone. Any request matching the route would be handled by the worker.
 3. For every matching incoming request, the worker checks whether it's IP, Country and AS have a decision against. It checks for this in it's KV store. If found it performs the corresponding remediation.
-4. The Remediation Component also periodically updates the KV store with the latest decisions from CrowdSec. 
+4. The Remediation Component also periodically updates the KV store with the latest decisions from CrowdSec.
+
+If your Cloudflare token has permission on D1, the remediation component will also automatically create a database to track:
+ - Number of requests processed
+ - Number of requests blocked
+
+Those metrics are exposed through the prometheus endpoint and automatically sent to crowdsec for visualisation with `cscli`.
+
+Metrics are stored in a D1 database to allow for easy retrieval by the remediation component. If your token does not have access to D1, a warning will be logged and metrics will be disabled.
 
 ## Configuration
 
@@ -171,6 +179,13 @@ cloudflare_config:
                 mode: managed # Supported Modes "managed"|"invisible"|"non-interactive"
           token: <CLOUDFLARE_ACCOUNT_TOKEN>
           account_name: [email protected]
+    worker:
+      log_only: false # If true, allow all requests, but still keep track of what would have been blocked in the metrics
+      script_name: ""
+      logpush: null
+      tags: []
+      compatibility_date: ""
+      compatibility_flags: []
 
 log_level: info
 log_media: "stdout"
@@ -193,7 +208,7 @@ For obtaining the `token`:
 
 1. Sign in as a user who has access to the desired account.
 
-Then click [this link](https://dash.cloudflare.com/profile/api-tokens?permissionGroupKeys=%5B%7B%22key%22%3A%22account_settings%22%2C%22type%22%3A%22read%22%7D%2C%7B%22key%22%3A%22challenge_widgets%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22user_details%22%2C%22type%22%3A%22read%22%7D%2C%7B%22key%22%3A%22workers_kv_storage%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22workers_routes%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22workers_scripts%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22zone%22%2C%22type%22%3A%22read%22%7D%2C%20%7B%22key%22%3A%20%22dns%22%2C%20%22type%22%3A%22read%22%7D%5D&name=) and create the token. 
+Then click [this link](https://dash.cloudflare.com/profile/api-tokens?permissionGroupKeys=%5B%7B%22key%22%3A%22account_settings%22%2C%22type%22%3A%22read%22%7D%2C%7B%22key%22%3A%22challenge_widgets%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22user_details%22%2C%22type%22%3A%22read%22%7D%2C%7B%22key%22%3A%22workers_kv_storage%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22workers_routes%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22workers_scripts%22%2C%22type%22%3A%22edit%22%7D%2C%7B%22key%22%3A%22zone%22%2C%22type%22%3A%22read%22%7D%2C%20%7B%22key%22%3A%20%22dns%22%2C%20%22type%22%3A%22read%22%7D%2C%20%7B%22key%22%3A%22d1%22%2C%20%22type%22%3A%22edit%22%7D%5D&name=) and create the token. 
 
 Alternatively, you can go to [Tokens](https://dash.cloudflare.com/profile/api-tokens) and create the token. 
 
@@ -205,6 +220,7 @@ The Remediation Component requires the following permissions to function:
 | Account          | Workers KV Storage | Edit       |
 | Account          | Workers Scripts    | Edit       |
 | Account          | Account Settings   | Read       |
+| Account          | D1                 | Edit       |
 | User             | User Details       | Read       |
 | Zone             | DNS                | Read       |
 | Zone             | Workers Routes     | Edit       |
@@ -463,6 +479,41 @@ Cloudflare account token.
 
 Account name.
 
+#### `worker.log_only`
+> bool
+
+If true, allow all requests but keep track of what would have been blocked in the metrics.
+
+Defaults to `false`
+
+#### `worker.script_name`
+> string
+
+Name to use for the worker script.
+
+Default to `crowdsec-cloudflare-worker-bouncer`.
+
+#### `worker.logpush`
+> bool
+
+Enable logpush for the worker.
+
+Default to no value.
+
+#### `worker.compatibility_date`
+> string
+
+See https://developers.cloudflare.com/workers/configuration/compatibility-dates/.
+
+Default to no value
+
+#### `worker.compatibility_flags`
+> list of strings
+
+See https://developers.cloudflare.com/workers/configuration/compatibility-flags/.
+
+Default to no value.
+
 #### `ban_template_path`
 > string
 

diff --git a/crowdsec-docs/unversioned/console/alerts/background_noise.md b/crowdsec-docs/unversioned/console/alerts/background_noise.md
@@ -1,11 +1,11 @@
 ---
-title: Background Noise Filtering
+title: Background Noise Filtering 🏅
 description: Focus on alerts that matter.
 ---
 
 The back noise filter is designed to eliminate irrelevant background sounds, enabling users to concentrate on important alerts.
 
-> 🌟 Premium feature
+> 🏅 Premium feature
 
 ### Introduction
 
@@ -23,8 +23,8 @@ This targeted approach ensures you're not overwhelmed by the volume of informati
 
 The ability to fine-tune your alert system’s sensitivity to background noise is a game-changer in cybersecurity monitoring. Our customizable noise filter settings give you control over what you deem relevant.
 
-- **Low Cancellation**: Setting the filter to a lower sensitivity allows all alerts, including the most widespread, to be visible. This setting ensures you miss nothing, providing a broad security net.
-- **High Cancellation**: Increasing the filter’s sensitivity sharpens your focus on alerts from IPs directly targeting your network. This refined approach is critical for those who wish to concentrate on direct threats, significantly reducing the volume of alerts to those with the highest relevance.
+-   **Low Cancellation**: Setting the filter to a lower sensitivity allows all alerts, including the most widespread, to be visible. This setting ensures you miss nothing, providing a broad security net.
+-   **High Cancellation**: Increasing the filter’s sensitivity sharpens your focus on alerts from IPs directly targeting your network. This refined approach is critical for those who wish to concentrate on direct threats, significantly reducing the volume of alerts to those with the highest relevance.
 
 ![Background Noise Filtering](/img/console/alerts/background-noise-finetune.png)
 

diff --git a/crowdsec-docs/unversioned/console/security_engines/troubleshooting.md b/crowdsec-docs/unversioned/console/security_engines/troubleshooting.md
@@ -5,15 +5,15 @@ description: Troubleshooting Security Engines
 
 ## Introduction
 
-> 🌟 **Premium Feature**
+> 🏅 **Premium Feature**
 
 This feature simplifies cybersecurity management by providing a quick, comprehensive view of Security Engines requiring immediate action. It's designed for efficiency, enabling you to identify critical issues such as outdated or inactive components with just one click. This functionality ensures streamlined, focused security maintenance, ideal for teams with many servers to monitor simultaneously.
 
 This feature will detect the following behaviors needing your remediation attention:
 
-- **Inactive Remediation component**: Inactive Remediation Components detected. Affected Security Engines may be unprotected. Please review for possible Engine or machine configuration issues.
-- **No alerts received within the last 24 hours**: Security Engines have not shared alerts during the previous 24 hours. This could indicate an issue with your machine or monitoring setup. Please validate your setup.
-- **Security Engines to update**: Security Engines are out of date. This may compromise your security. Please update to the latest version as soon as possible.
+-   **Inactive Remediation component**: Inactive Remediation Components detected. Affected Security Engines may be unprotected. Please review for possible Engine or machine configuration issues.
+-   **No alerts received within the last 24 hours**: Security Engines have not shared alerts during the previous 24 hours. This could indicate an issue with your machine or monitoring setup. Please validate your setup.
+-   **Security Engines to update**: Security Engines are out of date. This may compromise your security. Please update to the latest version as soon as possible.
 
 ## Usage