diff --git a/calico-cloud/threat/configuring-webhooks.mdx b/calico-cloud/threat/configuring-webhooks.mdx
index 0754a384c1..3f0cf16d61 100644
--- a/calico-cloud/threat/configuring-webhooks.mdx
+++ b/calico-cloud/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Cloud webhooks from the web console to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints.
 title: Webhooks for security events
 ---
diff --git a/calico-cloud/threat/container-threat-detection.mdx b/calico-cloud/threat/container-threat-detection.mdx
index 7ce76cd0fb..ce1a17eba0 100644
--- a/calico-cloud/threat/container-threat-detection.mdx
+++ b/calico-cloud/threat/container-threat-detection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Threat detection for containerized workloads.
+description: Detect malware hashes and suspicious container activity such as privilege escalation and command-and-control in Calico Cloud connected clusters with the managed eBPF threat detection engine.
 redirect_from:
 - /threat/malware-detection
 ---
diff --git a/calico-cloud/threat/deeppacketinspection.mdx b/calico-cloud/threat/deeppacketinspection.mdx
index 35afa3f8f2..7a84feb420 100644
--- a/calico-cloud/threat/deeppacketinspection.mdx
+++ b/calico-cloud/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in Calico Cloud connected clusters with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-cloud/threat/deploying-waf-ingress-gateway.mdx b/calico-cloud/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..bf057309cc 100644
--- a/calico-cloud/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-cloud/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Cloud web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-cloud/threat/index.mdx b/calico-cloud/threat/index.mdx
index e5596789bf..9796e9f566 100644
--- a/calico-cloud/threat/index.mdx
+++ b/calico-cloud/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, threat intelligence feeds, deep packet inspection, and WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-cloud/threat/security-event-management.mdx b/calico-cloud/threat/security-event-management.mdx
index 6099fd7db5..340c96b74a 100644
--- a/calico-cloud/threat/security-event-management.mdx
+++ b/calico-cloud/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from Calico Cloud connected clusters in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-cloud/threat/suspicious-domains.mdx b/calico-cloud/threat/suspicious-domains.mdx
index b51a93e6d1..983821f340 100644
--- a/calico-cloud/threat/suspicious-domains.mdx
+++ b/calico-cloud/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Cloud to detect DNS queries to suspicious domains from connected clusters and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-cloud/threat/suspicious-ips.mdx b/calico-cloud/threat/suspicious-ips.mdx
index 496577d2b7..0314267b42 100644
--- a/calico-cloud/threat/suspicious-ips.mdx
+++ b/calico-cloud/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Cloud to alert on flows to suspicious IPs in connected clusters and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx b/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
index 4d7ae9d16c..b95692af09 100644
--- a/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in Calico Cloud connected clusters with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard in the web console.
 ---
 # Anonymization attacks
diff --git a/calico-cloud/threat/web-application-firewall.mdx b/calico-cloud/threat/web-application-firewall.mdx
index 27565cab50..b92f5e6b5a 100644
--- a/calico-cloud/threat/web-application-firewall.mdx
+++ b/calico-cloud/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Cloud workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx b/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx
index 0754a384c1..3f0cf16d61 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Cloud webhooks from the web console to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints.
 title: Webhooks for security events
 ---
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx b/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx
index 7ce76cd0fb..ce1a17eba0 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Threat detection for containerized workloads.
+description: Detect malware hashes and suspicious container activity such as privilege escalation and command-and-control in Calico Cloud connected clusters with the managed eBPF threat detection engine.
 redirect_from:
 - /threat/malware-detection
 ---
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx b/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx
index 35afa3f8f2..7a84feb420 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in Calico Cloud connected clusters with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx b/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..bf057309cc 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Cloud web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/index.mdx b/calico-cloud_versioned_docs/version-22-2/threat/index.mdx
index e5596789bf..9796e9f566 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/index.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, threat intelligence feeds, deep packet inspection, and WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx b/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx
index 6099fd7db5..340c96b74a 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from Calico Cloud connected clusters in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx
index b51a93e6d1..983821f340 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Cloud to detect DNS queries to suspicious domains from connected clusters and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx
index 496577d2b7..0314267b42 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Cloud to alert on flows to suspicious IPs in connected clusters and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx b/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx
index 4d7ae9d16c..b95692af09 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in Calico Cloud connected clusters with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard in the web console.
 ---
 # Anonymization attacks
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx b/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx
index 27565cab50..b92f5e6b5a 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Cloud workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
diff --git a/calico-enterprise/threat/configuring-webhooks.mdx b/calico-enterprise/threat/configuring-webhooks.mdx
index 0754a384c1..01b05b33ca 100644
--- a/calico-enterprise/threat/configuring-webhooks.mdx
+++ b/calico-enterprise/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
diff --git a/calico-enterprise/threat/deeppacketinspection.mdx b/calico-enterprise/threat/deeppacketinspection.mdx
index d5cd3cbadf..80cdadb7ab 100644
--- a/calico-enterprise/threat/deeppacketinspection.mdx
+++ b/calico-enterprise/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx b/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..03aaf89acd 100644
--- a/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-enterprise/threat/index.mdx b/calico-enterprise/threat/index.mdx
index 4663f4c54f..d8c5d3e3d5 100644
--- a/calico-enterprise/threat/index.mdx
+++ b/calico-enterprise/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-enterprise/threat/security-event-management.mdx b/calico-enterprise/threat/security-event-management.mdx
index 698974e734..6bb87f5fab 100644
--- a/calico-enterprise/threat/security-event-management.mdx
+++ b/calico-enterprise/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-enterprise/threat/suspicious-domains.mdx b/calico-enterprise/threat/suspicious-domains.mdx
index dae98728e4..d470b5fd02 100644
--- a/calico-enterprise/threat/suspicious-domains.mdx
+++ b/calico-enterprise/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-enterprise/threat/suspicious-ips.mdx b/calico-enterprise/threat/suspicious-ips.mdx
index 222a9cfa15..baa2071247 100644
--- a/calico-enterprise/threat/suspicious-ips.mdx
+++ b/calico-enterprise/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx b/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx
index cd68bff338..125aabf925 100644
--- a/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 # Anonymization attacks
diff --git a/calico-enterprise/threat/web-application-firewall.mdx b/calico-enterprise/threat/web-application-firewall.mdx
index 53b471d02b..9a5ce57895 100644
--- a/calico-enterprise/threat/web-application-firewall.mdx
+++ b/calico-enterprise/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx
index 0754a384c1..01b05b33ca 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx
index 6208720013..3e3cdbe5ab 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..03aaf89acd 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx
index 4663f4c54f..d8c5d3e3d5 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx
index 698974e734..6bb87f5fab 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx
index dae98728e4..d470b5fd02 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx
index 222a9cfa15..baa2071247 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx
index cd68bff338..125aabf925 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 # Anonymization attacks
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx
index 84d41756b8..3baa40020b 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx
index 0754a384c1..01b05b33ca 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx
index d5cd3cbadf..80cdadb7ab 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..03aaf89acd 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx
index 4663f4c54f..d8c5d3e3d5 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx
index 698974e734..6bb87f5fab 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx
index dae98728e4..d470b5fd02 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx
index 222a9cfa15..baa2071247 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx
index cd68bff338..125aabf925 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 # Anonymization attacks
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx
index 84d41756b8..3baa40020b 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)