crowdsecurity
diff --git a/‎crowdsec-docs/docs/intro.mdx‎
Lines changed: 38 additions & 5 deletions b/‎crowdsec-docs/docs/intro.mdx‎
Lines changed: 38 additions & 5 deletions
diff --git a/‎crowdsec-docs/static/img/simplified_SE_overview.png‎
129 KB b/‎crowdsec-docs/static/img/simplified_SE_overview.png‎
129 KB
diff --git a/‎crowdsec-docs/static/img/simplified_SE_underthehood.gif‎
750 KB b/‎crowdsec-docs/static/img/simplified_SE_underthehood.gif‎
750 KB
@@ -7,17 +7,25 @@ id: intro
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import AcademyPromo from '@site/src/components/AcademyPromo';
 
+<!-- @tko
+
+ - replace the image with a gif 
+ - edit the image to have the same background color
+ - add the cool miniature for the console
+
+-->
+
 <div style={{display: 'flex'}}>
     <div style={{textAlign: 'center', flex: '1'}}>
-    <img width="800" height="auto" src={useBaseUrl('/img/crowdsec_ecosystem.png')} />
+    <img width="800" height="auto" src={useBaseUrl('/img/simplified_SE_overview.png')} />
     </div>
 </div>
 &nbsp;
 &nbsp;
 
-The [CrowdSec Security Engine](https://github.com/crowdsecurity/crowdsec) is an open-source, lightweight software that detects and blocks malicious actors from accessing your systems at various levels, using log analysis and threat patterns called scenarios. 
+The [CrowdSec Security Engine](https://github.com/crowdsecurity/crowdsec) is an open-source, lightweight software that detects and blocks malicious actors from accessing your systems at various levels, using log and HTTP Requests analysis with threat patterns called scenarios. 
 
-CrowdSec is a modular framework, offering a variety of [popular scenarios](https://app.crowdsec.net/hub/collections). Users can choose their protection scenarios and deploy [Remediation Components](https://app.crowdsec.net/hub/bouncers) to block malicious access.
+CrowdSec is a modular framework, offering a variety of [scenarios](https://app.crowdsec.net/hub/collections). Users can choose their protection scenarios and deploy [Remediation Components](https://app.crowdsec.net/hub/bouncers) to block malicious access.
 
 The crowd-sourced aspect allows sharing attack information among users, enhancing real-time attack detection and preemptive blocking of known bad actors from your system.
 
@@ -26,8 +34,9 @@ The crowd-sourced aspect allows sharing attack information among users, enhancin
 In addition to the core "detect and react" mechanism, CrowdSec is committed to several other key aspects:
 
 - **Easy Installation**: Effortless out-of-the-box installation on all [supported platforms](/getting_started/versions_matrix.md).
-- **Simplified Daily Operations**: Use [cscli](/cscli/cscli.md) and the [hub](http://hub.crowdsec.net) for effortless maintenance and keeping your detection mechanisms up-to-date.
+- **Simplified Daily Operations**: Use the [console](http://app.crowdsec.net) and [cscli](/cscli/cscli.md) for effortless maintenance and keeping your detection mechanisms up-to-date.
 - **Reproducibility**: The Security Engine can analyze not only live logs but also [cold logs](/u/user_guides/replay_mode), making it easier to detect potential false triggers, conduct forensic analysis, or generate reports.
+- **Versatile**: The Security Engine can analyze [system logs](/docs/data_sources/intro) and [HTTP Requests](/docs/next/appsec/intro) to exhaustively protect your perimeter.
 - **Observability**: Providing valuable insights into the system's activity:
     - Users can view/manage alerts from the ([Console](https://app.crowdsec.net/signup)).
     - Operations personnel have access to detailed Prometheus metrics ([Prometheus](/observability/prometheus.md)).
@@ -38,12 +47,36 @@ In addition to the core "detect and react" mechanism, CrowdSec is committed to s
 ## Architecture
 
 
+<!-- @kka : update schema:
+    - align text
+    - rename data sources to log sources
+    - move log sources out of the SE box
+-->
 <div style={{display: 'flex'}}>
     <div style={{textAlign: 'center', flex: '1'}}>
-    <img src={useBaseUrl('/img/crowdsec_architecture.png')}></img>
+    <img src={useBaseUrl('/img/simplified_SE_underthehood.gif')}></img>
     </div>
 </div>
 
+Under the hood, the Security Engine has various components:
+ 
+ - The [Log Processor](...) is in charge of detection: it analyzes logs from various data sources or HTTP requests from web servers.
+ - The [Local API](...) acts as a middle man between the [Log Processors](...) and the [Remediation Components](...) which are in charge of enforcing decisions.
+ - The [Remediation Components](...) - also known as bouncers - are in charge of blocking bad IPs by using the components already available.
+
+
+<!-- @tko
+ - decide which ones to keep in the list and make (short) dedicated pages for those
+-->
+
+This architecture allows great flexibility in setups. Find the one relevant to you:
+ - I have one or more machine with no log pit (ie. VPS)
+ - I have an existing log pit (ie. rsyslog)
+ - I am running containers
+ - I am running kubernetes
+ - Just show me an example architecture
+
+
 <AcademyPromo
   image="crowdsec_fundamentals.svg"
   description="Watch a short series of videos on how to install CrowdSec and protect your infrastructure"