tigera · ctauchen · May 13, 2026 · May 12, 2026 · May 13, 2026
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Cloud webhooks from the web console to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints.
 title: Webhooks for security events
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Threat detection for containerized workloads.
+description: Detect malware hashes and suspicious container activity such as privilege escalation and command-and-control in Calico Cloud connected clusters with the managed eBPF threat detection engine.
 redirect_from:
   - /threat/malware-detection
 ---

@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in Calico Cloud connected clusters with Snort community rules to alert on suspected malicious traffic.
 ---
 
 # Deep packet inspection

@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Cloud web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 
 # Deploy a web application firewall with Calico Ingress Gateway

@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, threat intelligence feeds, deep packet inspection, and WAF.
 hide_table_of_contents: true
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from Calico Cloud connected clusters in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 
 # Security event management

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Cloud to detect DNS queries to suspicious domains from connected clusters and surface impacted pods in the anomaly dashboard.
 ---
 
 # Trace and alert on suspicious domains

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Cloud to alert on flows to suspicious IPs in connected clusters and optionally block them with a dynamic deny-list policy.
 ---
 
 # Trace and block suspicious IPs

@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in Calico Cloud connected clusters with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard in the web console.
 ---
 
 # Anonymization attacks

@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Cloud workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 
 # Workload-based Web Application Firewall (WAF)

@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Cloud webhooks from the web console to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints.
 title: Webhooks for security events
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Threat detection for containerized workloads.
+description: Detect malware hashes and suspicious container activity such as privilege escalation and command-and-control in Calico Cloud connected clusters with the managed eBPF threat detection engine.
 redirect_from:
   - /threat/malware-detection
 ---

@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in Calico Cloud connected clusters with Snort community rules to alert on suspected malicious traffic.
 ---
 
 # Deep packet inspection

@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Cloud web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 
 # Deploy a web application firewall with Calico Ingress Gateway

@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, threat intelligence feeds, deep packet inspection, and WAF.
 hide_table_of_contents: true
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from Calico Cloud connected clusters in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 
 # Security event management

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Cloud to detect DNS queries to suspicious domains from connected clusters and surface impacted pods in the anomaly dashboard.
 ---
 
 # Trace and alert on suspicious domains

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Cloud to alert on flows to suspicious IPs in connected clusters and optionally block them with a dynamic deny-list policy.
 ---
 
 # Trace and block suspicious IPs

@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in Calico Cloud connected clusters with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard in the web console.
 ---
 
 # Anonymization attacks

@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Cloud workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 
 # Workload-based Web Application Firewall (WAF)

@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 
 # Deep packet inspection

@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 
 # Deploy a web application firewall with Calico Ingress Gateway

@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 
 # Security event management

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 
 # Trace and alert on suspicious domains

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 
 # Trace and block suspicious IPs

@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 
 # Anonymization attacks

@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 
 # Workload-based Web Application Firewall (WAF)

@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 
 # Deep packet inspection

@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 
 # Deploy a web application firewall with Calico Ingress Gateway

@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 
 # Security event management

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 
 # Trace and alert on suspicious domains

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 
 # Trace and block suspicious IPs

@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 
 # Anonymization attacks

@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 
 # Workload-based Web Application Firewall (WAF)

@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 
 # Deep packet inspection

@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 
 # Deploy a web application firewall with Calico Ingress Gateway

@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
 

@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 
 # Security event management

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 
 # Trace and alert on suspicious domains

@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 
 # Trace and block suspicious IPs

@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 
 # Anonymization attacks

@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 
 # Workload-based Web Application Firewall (WAF)