[WAF] Update dashboard instructions (#20759)

---------

Co-authored-by: marciocloudflare <[email protected]>

Author: 2 people

public/robots.txt

@@ -5,5 +5,6 @@ Disallow: /plans/
 Disallow: /constellation
 Disallow: /cdn-cgi/
 Disallow: /google-tag-first-party-mode/
+Disallow: /security/
 
 Sitemap: https://developers.cloudflare.com/sitemap-index.xml

src/components/overrides/Head.astro

@@ -10,6 +10,7 @@ import type { CollectionEntry } from "astro:content";
 // grab the current top-level folder. Remove . characters for 1.1.1.1 URL
 const currentSection = Astro.url.pathname.split("/")[1].replaceAll(".", "");
 const head = Astro.locals.starlightRoute.entry.data.head;
+const noIndexProductsList = ["style-guide", "security"];
 
 if (currentSection) {
 	const product = await getEntry("products", currentSection);
@@ -77,7 +78,7 @@ if (currentSection) {
 		}
 	}
 
-	if (currentSection === "style-guide") {
+	if (noIndexProductsList.includes(currentSection)) {
 		head.push({
 			tag: "meta",
 			attrs: {

src/content/docs/api-shield/security/jwt-validation/index.mdx

@@ -35,7 +35,8 @@ To automatically keep your JWKS up to date when your identity provider refreshes
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account and domain.
 2. Go to **Security** > **API Shield** > **API Rules**.
-3. Add a name for your rule.
+3. <a id="rule-form"/>
+   Add a name for your rule.
 4. Select a hostname to protect requests with saved endpoints using the rule.
 5. Deselect any endpoints that you want JWT Validation to ignore (for example, an endpoint used to generate a JWT).
 6. Select the Token Validation Configuration that corresponds to the incoming requests.

src/content/docs/api-shield/security/sequence-mitigation/index.mdx

@@ -45,7 +45,8 @@ For example, if there was an authorization bug that allowed users to iterate thr
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain.
 2. Go to **Security** > **API Shield** > **API Rules**.
 3. Select **Create sequence rule**.
-4. Name your rule.
+4. <a id="rule-form"/>
+   Name your rule.
 5. Select a starting endpoint. This is the endpoint that you expect users to hit first in their request flow when using your API.
    1. Choose a hostname to display the list of endpoints for that hostname.
    2. Choose an endpoint.

src/content/docs/page-shield/policies/create-dashboard.mdx

@@ -13,7 +13,8 @@ description: Learn how to create a Page Shield policy in the Cloudflare dashboar
 
 3. Select **Create policy**.
 
-4. Enter a descriptive name for the rule in **Description**.
+4. <a id="rule-form" />
+   Enter a descriptive name for the rule in **Description**.
 
 5. Under **If incoming requests match**, define the policy scope. You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/).
 
@@ -23,7 +24,6 @@ description: Learn how to create a Page Shield policy in the Cloudflare dashboar
    - To refresh the displayed sources based on Page Shield's detected resources, select **Refresh suggestions**.
 
      :::note
-
      Page Shield provides suggestions for **Default**, **Scripts**, and **Connections** directives. For the **Default** directive, suggestions are based on monitored scripts and connections resources.
      :::
 

src/content/docs/security/analytics.mdx

@@ -0,0 +1,58 @@
+---
+title: Security Analytics
+pcx_content_type: concept
+sidebar:
+  order: 3
+description: Security Analytics shows information about all incoming HTTP requests or mitigated requests (rule matches).
+---
+
+import { GlossaryTooltip } from "~/components";
+
+Security Analytics shows information about all incoming HTTP requests or only about requests mitigated by Cloudflare.
+
+Use Security Analytics as your starting point to understand and analyze traffic patterns, and to create security rules based on the filters you applied.
+
+## Traffic
+
+The **Traffic** tab displays information about all incoming HTTP requests for your domain, including requests not handled by Cloudflare security products.
+
+In this tab you can perform several tasks:
+
+- View the traffic distribution for your domain.
+- Understand which traffic is being mitigated by Cloudflare security products, and where non-mitigated traffic is being served from (Cloudflare global network or [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/)).
+- Analyze suspicious traffic and create tailored custom [security rules](/security/rules/) based on applied filters.
+- [Find an appropriate rate limit](/waf/rate-limiting-rules/find-rate-limit/) for incoming traffic.
+
+For information on how to use the **Traffic** tab, refer to [Security Analytics](/waf/analytics/security-analytics/#adjusting-displayed-data).
+
+If you need to modify existing security-related rules you already configured, consider also using the [Events](#events) tab. This tab displays information about requests affected by Cloudflare security products.
+
+### Suspicious activity
+
+The suspicious activity gives you information about suspicious requests that were identified by the Cloudflare detections you have enabled. The supported detections include:
+
+- [Account takeover](/bots/concepts/detection-ids/#account-takeover-detections)
+- [Leaked credential check](/waf/detections/leaked-credentials/) (only for user and password leaked)
+- [Malicious uploads](/waf/detections/malicious-uploads/)
+- Firewall for AI
+- [WAF attack score](/waf/detections/attack-score/)
+
+Each suspicious activity is classified with a severity score that can vary from critical to low. You can use the filter option to investigate further.
+
+:::note
+The **Traffic** tab includes functionality available in the [Security Analytics](/waf/analytics/security-analytics/) page in the previous dashboard navigation structure. However, some page elements will appear in a different order, or they may be unavailable in the **Traffic** tab, such as Insights or the score-based analyses sidebar.
+:::
+
+## Events
+
+Use the **Events** tab to review <GlossaryTooltip term="mitigated request">mitigated requests</GlossaryTooltip> and to tailor your security configurations.
+
+The **Events** tab displays information about requests actioned or flagged by Cloudflare security products. Each incoming HTTP request might generate one or more security events. The tab only shows these events, not the HTTP requests themselves. To obtain information on all incoming HTTP requests, use the [Traffic](#traffic) tab.
+
+Users on a Free plan can view summarized events by date in sampled logs. Customers on paid plans have access to additional graphs and dashboards that summarize the most relevant information about the current behavior of Cloudflare's security features on your zone.
+
+For more information on the **Events** tab, refer to [Security Events](/waf/analytics/security-events/).
+
+:::note
+The **Events** tab corresponds to the [Security Events](/waf/analytics/security-events/) page in the previous dashboard navigation structure.
+:::

src/content/docs/security/index.mdx

@@ -0,0 +1,66 @@
+---
+title: Security dashboard (beta)
+pcx_content_type: overview
+sidebar:
+  order: 1
+description: The Security dashboard (beta) helps you understand the current security posture of your web applications and allows you configure different security rules for those applications.
+head:
+  - tag: title
+    content: Overview
+---
+
+import { Card, CardGrid, Feature, LinkTitleCard, RelatedProduct } from "~/components";
+
+The Security dashboard (beta) is your starting point to better understand the security posture of your web applications, and to configure rules to protect them.
+
+<Card title="New dashboard experience" icon="rocket">
+
+The new **Security** navigation in the Cloudflare dashboard is currently available in beta for users that opt in to the new user interface. To opt in:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com), and select your account and domain.
+2. Open any page under **Security**.
+3. In the top right-hand corner of the page, select **Try new security dashboard**.
+
+You can swap back to the previous dashboard at any time by selecting **Return to old security dashboard** in the same page location.
+
+</Card>
+
+## Features
+
+<Feature header="Security overview" href="/security/overview/" cta="Explore Security overview">
+	Get a high-level overview of your domain's security posture.
+</Feature>
+
+<Feature
+	header="Security Analytics"
+	href="/security/analytics/"
+	cta="Explore Security Analytics"
+>
+	Shows information about all incoming HTTP requests or mitigated requests (rule
+	matches). Tailor your security configurations based on sampled logs.
+</Feature>
+
+<Feature header="Web asset discovery" href="/security/resources/">
+	Discover your web assets (including API endpoints) and instruct Cloudflare how
+	to best protect them.
+</Feature>
+
+<Feature header="Security rules" href="/security/rules/">
+	Perform security actions on incoming requests that match specified filters.
+</Feature>
+
+---
+
+## More resources
+
+<CardGrid>
+
+<LinkTitleCard
+	title="Plans"
+	href="https://www.cloudflare.com/plans/#overview"
+	icon="document"
+>
+	Compare available Cloudflare plans
+</LinkTitleCard>
+
+</CardGrid>

src/content/docs/security/overview.mdx

@@ -0,0 +1,17 @@
+---
+title: Security overview
+pcx_content_type: concept
+sidebar:
+  order: 2
+---
+
+Security overview provides a high-level security overview of you zone. Security overview allows you to review the security posture of your domain. The security overview page is available on both the new security dashboard as well as the existing security dashboard.
+
+The Security overview page will display the following information:
+
+- **Traffic last 7 days**: Review traffic from the last seven days that has been mitigated, served by Cloudflare, and served by origin.
+- **Security posture**:
+  - **Configurations**: Review your currently enabled configurations, and whether additional configurations are required for them.
+  - **Suggestions**: Review security suggestions to improve your security posture.
+- **Rules with the most activity**: Review the number of times a security rule has been activated by matching requests.
+- **Last updated rules**: Review rules you recently changed.

src/content/docs/security/rules.mdx

@@ -0,0 +1,51 @@
+---
+title: Security rules
+pcx_content_type: concept
+sidebar:
+  order: 5
+description: Security rules perform security actions on incoming requests that match specified filters.
+---
+
+Security rules perform security-related actions on incoming requests that match specified filters. Rules are evaluated and executed in order, from first to last.
+
+## Security rules
+
+The **Security rules** tab includes a list of different types of rules configured in your zone to protect your applications and resources.
+
+To create a security rule:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and zone.
+2. Go to **Security** > **Security rules**.
+3. (Optional) Select **Templates**, and then select a template from the list. You can customize the default configuration of the template before deploying the new rule. Refer to the resources listed in the next step.
+4. Select **Create rule** > select the type of rule you want to create. Refer to the following resources about each rule type:
+   - [Custom rules](/waf/custom-rules/create-dashboard/#rule-form)
+   - [Rate limiting rules](/waf/rate-limiting-rules/create-zone-dashboard/#rule-form)
+   - [API sequence rules](/api-shield/security/sequence-mitigation/#rule-form)
+   - [API JWT validation rules](/api-shield/security/jwt-validation/#rule-form) (requires a [token configuration](/security/settings/#all-settings))
+   - [Managed rules exceptions](/waf/managed-rules/waf-exceptions/define-dashboard/#2-define-basic-exception-parameters)
+   - [Content security rules](/page-shield/policies/create-dashboard/#rule-form) (previously known as Page Shield policies)
+
+:::note[Notes]
+
+The **Security rules** tab includes functionality available in different products in the previous dashboard navigation structure, such as the [WAF](/waf/), [API Shield](/api-shield/), and [Page Shield](/page-shield/).
+
+The tab may show additional rule types if you have configured at least one of the following:
+
+- [IP access rules](/waf/tools/ip-access-rules/)
+- [User agent blocking rules](/waf/tools/user-agent-blocking/)
+- [Zone lockdown rules](/waf/tools/zone-lockdown/)
+
+:::
+
+## DDoS protection
+
+The **DDoS Protection** tab shows the multiple DDoS mitigation services provided by Cloudflare. You can create rules to override these mitigation tools. DDoS attack protection overrides are only available to Enterprise customers with the Advanced DDoS Protection subscription.
+
+To learn more about DDoS protection overrides, refer to the following resources:
+
+- [HTTP DDoS attack protection overrides](/ddos-protection/managed-rulesets/http/override-expressions/)
+- [Network-layer DDoS attack protection overrides](/ddos-protection/managed-rulesets/network/override-expressions/)
+
+:::note
+You define overrides for the Network-layer DDoS attack protection managed ruleset at the account level in Account Home > **L3/4 DDoS** > **Network-layer DDoS Protection**.
+:::