Adding more files

Author: Maddy-Cloudflare

src/content/docs/cloudflare-one/changelog/magic-firewall.mdx

@@ -0,0 +1,22 @@
+---
+pcx_content_type: changelog
+title: Magic Firewall
+---
+
+import { ProductChangelog } from "~/components";
+
+{/* <!-- Actual content lives in /src/content/changelog/magic-firewall/. Update the file there for new entries to appear here. For more details, refer to https://developers.cloudflare.com/style-guide/documentation-content-strategy/content-types/changelog/#yaml-file --> */}
+
+<ProductChangelog product="magic-firewall" hideEntry="2024-06-16-cloudflare-one"/>
+
+## 2024-09-12
+
+**New UI improvements**
+
+The dashboard now displays the order number of custom rules, and improved drag and drop functionality. You can also preview rules on a side panel without leaving the current page.
+
+## 2024-08-16
+
+**Magic Firewall Analytics Rule Log Enhancement**
+
+Customers who create a rule in a disabled mode will see the rule as **Log (rule disabled)**.

src/content/docs/cloudflare-one/insights/logs/filter-views.mdx

@@ -0,0 +1,97 @@
+---
+title: Filter different views
+pcx_content_type: how-to
+
+---
+
+You can utilize different [Log filters](/logs/logpush/logpush-job/filters/) to only view specific data from Magic Firewall.
+
+## Filter by enabled or disabled rules
+
+Use the filter examples below to filter your Magic Firewall traffic to display events for enabled or disabled rules.
+
+The example below only displays fields relevant to Magic Firewall, and the filter only displays events for disabled rules.
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/logpush/jobs \
+--header "X-Auth-Email: <EMAIL>" \
+--header "X-Auth-Key: <API_KEY>" \
+--header "Content-Type: application/json" \
+--data '{
+  ...
+  "output_options": {
+      "field_names": ["ColoName", "Datetime", "Direction", "IPDestinationAddress", "IPDestinationSubnet", "IPProtocol","IPSourceAddress", "IPSourceSubnet", "Outcome", "RuleID", "RulesetID", "SampleInterval", "Verdict"],
+  },
+  "filter": "{\"where\":{\"or\":[{\"and\":[{\"key\":\"MitigationSystem\",\"operator\":\"eq\",\"value\":\"magic-firewall\"},{\"key\":\"RulesetID\",\"operator\":\"!eq\",\"value\":\"\"},{\"key\":\"Outcome\",\"operator\":\"eq\",\"value\":\"pass\"},{\"key\":\"Verdict\",\"operator\":\"eq\",\"value\":\"drop\"}]}]}}"
+}'
+```
+
+The example below only displays fields relevant to Magic Firewall, and the filter only displays events for enabled rules.
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/logpush/jobs \
+--header "X-Auth-Email: <EMAIL>" \
+--header "X-Auth-Key: <API_KEY>" \
+--header "Content-Type: application/json" \
+--data '{
+  ...
+  "output_options": {
+      "field_names": ["ColoName", "Datetime", "Direction", "IPDestinationAddress", "IPDestinationSubnet", "IPProtocol","IPSourceAddress", "IPSourceSubnet", "Outcome", "RuleID", "RulesetID", "SampleInterval", "Verdict"],
+  },
+  "filter": "{\"where\":{\"or\":[{\"and\":[{\"key\":\"MitigationSystem\",\"operator\":\"eq\",\"value\":\"magic-firewall\"},{\"key\":\"RulesetID\",\"operator\":\"!eq\",\"value\":\"\"},{\"or\":[{\"key\":\"Outcome\",\"operator\":\"eq\",\"value\":\"drop\"},{\"key\":\"Verdict\",\"operator\":\"eq\",\"value\":\"pass\"}]}]}]}}"
+}'
+```
+
+## Filter by allowed or blocked traffic
+
+Use the filter examples below to filter your Magic Firewall traffic to display events for allowed or blocked traffic.
+
+The example below only displays fields relevant to Magic Firewall, and the filter only displays events where no explicit action was taken, for example, a packet "fell through" Magic Firewall. This example does not have any rules applied.
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/logpush/jobs \
+--header "X-Auth-Email: <EMAIL>" \
+--header "X-Auth-Key: <API_KEY>" \
+--header "Content-Type: application/json" \
+--data '{
+  ...
+  "output_options": {
+      "field_names": ["ColoName", "Datetime", "Direction", "IPDestinationAddress", "IPDestinationSubnet", "IPProtocol","IPSourceAddress", "IPSourceSubnet", "Outcome", "RuleID", "RulesetID", "SampleInterval", "Verdict"],
+  },
+  "filter": "{\"where\":{\"and\":[{\"key\":\"MitigationSystem\",\"operator\":\"eq\",\"value\":\"magic-firewall\"},{\"key\":\"RulesetID\",\"operator\":\"eq\",\"value\":\"\"}]}}"
+}'
+```
+
+The example below only displays fields relevant to Magic Firewall, and the filter only displays events where explicit action was taken. The example includes both enabled and disabled Magic Firewall rules.
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/logpush/jobs \
+--header "X-Auth-Email: <EMAIL>" \
+--header "X-Auth-Key: <API_KEY>" \
+--header "Content-Type: application/json" \
+--data '{
+  ...
+  "output_options": {
+      "field_names": ["ColoName", "Datetime", "Direction", "IPDestinationAddress", "IPDestinationSubnet", "IPProtocol","IPSourceAddress", "IPSourceSubnet", "Outcome", "RuleID", "RulesetID", "SampleInterval", "Verdict"],
+  },
+  "filter": "{\"where\":{\"and\":[{\"key\":\"MitigationSystem\",\"operator\":\"eq\",\"value\":\"magic-firewall\"},{\"key\":\"RulesetID\",\"operator\":\"!eq\",\"value\":\"\"}]}}"
+}'
+```
+
+## Filter by relevant fields to Magic Firewall
+
+Use the examples below to filter out fields that are not relevant to traffic flowing through Magic Firewall. The example below only includes Magic Firewall events.
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/logpush/jobs \
+--header "X-Auth-Email: <EMAIL>" \
+--header "X-Auth-Key: <API_KEY>" \
+--header "Content-Type: application/json" \
+--data '{
+  ...
+  "output_options": {
+      "field_names": ["ColoName", "Datetime", "Direction", "IPDestinationAddress", "IPDestinationSubnet", "IPProtocol","IPSourceAddress", "IPSourceSubnet", "Outcome", "RuleID", "RulesetID", "SampleInterval", "Verdict"],
+  },
+  "filter": "{\"where\":{\"key\":\"MitigationSystem\",\"operator\":\"eq\",\"value\":\"magic-firewall\"}}"
+}'
+```

src/content/docs/cloudflare-one/insights/logs/use-logpush-with-ids.mdx

@@ -0,0 +1,21 @@
+---
+title: Use Logpush with IDS
+pcx_content_type: concept
+
+---
+
+You can use Logpush with Magic Firewall IDS to log detected risks:
+
+1. Consult the [Logpush Destination docs](/logs/logpush/logpush-job/api-configuration/#destination) to learn about what destinations Logpush supports. The documentation will also instruct you on how to correctly format the destination URL for Logpush.
+
+2. Follow the [Manage Lopush with cURL](/logs/logpush/examples/example-logpush-curl/) tutorial to validate your Logpush destination and define a Logpush job.
+
+## Notes on using Logpush with IDS
+
+* Magic IDS is an account-scoped dataset. This means the string `/zone/<ZONE_ID>` in the Cloudflare API URLs in the tutorial should be replaced with `/account/<ACCOUNT_ID>`.
+
+* Consult the [Magic IDS Detection fields doc](/logs/logpush/logpush-job/datasets/account/magic_ids_detections/) to know what fields you want configured for the job.
+
+* When creating the Logpush job, the dataset field should equal `magic_ids_detections`.
+
+* Timestamps by default are unixnano. Consult the [Logpush Options docs](/logs/logpush/logpush-job/api-configuration/#options) to learn what format you can choose that will be compatible with your destination and/or expectations. Note that all options must be added *after* all fields you want from the Logpush job, akin to URL parameters.

src/content/docs/cloudflare-one/insights/network-visibility/diagnostics/buckets.mdx

@@ -17,16 +17,11 @@ Learn how to set up a bucket for use with full packet captures.
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. In the Cloudflare One dashboard, go to the **Packet captures** page in Magic Transit or Magic WAN.
-
-	To set up a bucket in Magic Transit: <DashButton url="/?to=/:account/magic-transit/packet-captures/captures" />
-
-	To set up a bucket in Magic WAN: <DashButton url="/?to=/:account/magic-wan/packet-captures/captures" />
-2. Select the **Buckets** tab.
-3. Select **Add a bucket**.
-4. Under **Bucket configuration**, select a bucket service and select **Next**.
-5. Enter the information related to your bucket for your service provider.
-6. When you are done, select **Next**.
+1. In the [Cloudflare One](https://one.dash.cloudflare.com) dashboard, go to **Network visibility** > **Diagnostics**.
+2. Select the **Buckets** tab > **Add a bucket**.
+3. Select a bucket service and select **Next**.
+4. Enter the information related to your bucket for your service provider.
+5. When you are done, select **Next**.
 
 The **Prove ownership** step of the **Bucket configuration** displays.
 

src/content/docs/cloudflare-one/insights/network-visibility/diagnostics/index.mdx

@@ -30,4 +30,4 @@ Full packet captures will collect new traffic sent to Cloudflare's network after
 
 Refer to the articles in this section to learn how to use packet captures.
 
-<DirectoryListing />
+<DirectoryListing />

src/content/docs/cloudflare-one/insights/network-visibility/diagnostics/packet-captures.mdx

@@ -167,13 +167,10 @@ The response is a JSON body that contains the details of the job running to buil
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. In the Cloudflare dashboard, go to the **Packet captures** page in Magic Transit or Magic WAN.
-
-	To set up a packet capture in Magic Transit: <DashButton url="/?to=/:account/magic-transit/packet-captures/captures" />
-
-	To set up a packet capture in Magic WAN: <DashButton url="/?to=/:account/magic-wan/packet-captures/captures" />
-2. In **Packet captures**, select **Start a capture**.
-3. Select the **Captures** tab.
+1. In the [Cloudflare One](https://one.dash.cloudflare.com) dashboard, go to **Network visibility** > **Diagnostics**.
+2. In **Captures**, select **Start a capture**.
+3. Select between **Full packet capture** or **Sample packet capture**, then fill in the information.
+4. Once you  filled all the information, select **Start**.
 
 </TabItem> <TabItem label="API">
 
@@ -225,14 +222,9 @@ After your request finishes processing, you can download your packet captures.
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. In the Cloudflare dashboard, go to the **Packet captures** page in Magic Transit or Magic WAN.
-
-	To set up a packet capture in Magic Transit: <DashButton url="/?to=/:account/magic-transit/packet-captures/captures" />
-
-	To set up a packet capture in Magic WAN: <DashButton url="/?to=/:account/magic-wan/packet-captures/captures" />
+1. In the [Cloudflare One](https://one.dash.cloudflare.com) dashboard, go to **Network visibility** > **Diagnostics**.
 2. In **Packet captures**, select **Start a capture**.
-3. Select the **Captures** tab.
-4. Locate your packet capture you want to download, and select **Download**.
+3. Locate your packet capture you want to download, and select **Download**.
 
 Packet captures are available to download when the **Status** displays **Success**.
 
@@ -303,4 +295,4 @@ The response returns an array that includes up to 50 sent requests, which includ
 }
 ```
 
-</TabItem> </Tabs>
+</TabItem> </Tabs>