Improve documentation

Author: AlteredCoder

crowdsec-docs/sidebarsUnversioned.js

@@ -18,9 +18,10 @@ module.exports = {
                 "cti_api/taxonomy/cti_object",
                 "cti_api/taxonomy/scores",
                 "cti_api/taxonomy/scenarios",
-                "cti_api/taxonomy/classifications",
                 "cti_api/taxonomy/behaviors",
+                "cti_api/taxonomy/classifications",
                 "cti_api/taxonomy/false_positives",
+                "cti_api/taxonomy/benign",
             ],
         },
         {

crowdsec-docs/src/components/tableRender.js

@@ -5,7 +5,7 @@ import BrowserOnly from '@docusaurus/BrowserOnly';
 import {useColorMode} from '@docusaurus/theme-common';
 
 
-const TableRender = ({ columns, url }) => {
+const TableRender = ({ columns, url, include=[], exclude=[] }) => {
     const [jsonContent, setJsonContent] = useState()
     const {colorMode} = useColorMode();
 
@@ -38,7 +38,16 @@ const TableRender = ({ columns, url }) => {
                     // filter duplicate names
                     const item = data[key];
                     const name = item["name"];
-
+                    for (let i = 0; i < exclude.length; i++) {
+                        if (name.includes(exclude[i])) {
+                            return
+                        }
+                    }
+                    for (let i = 0; i < include.length; i++) {
+                        if (!name.includes(include[i])) {
+                            return
+                        }
+                    }
                     if (names.includes(name)) {
                         return
                     }

crowdsec-docs/unversioned/cti_api/taxonomy/benign.mdx

@@ -0,0 +1,40 @@
+---
+id: benign
+title: Benign Classifications
+sidebar_position: 7
+---
+
+import TableRender from "@site/src/components/tableRender"
+import GithubIconRender from "@site/src/components/githubIconRender"
+
+export const classificationsURL =
+    "https://hub-cdn.crowdsec.net/master/taxonomy/classifications.json"
+export const columns = [
+    {
+        header: "Name",
+        accessorKey: "name",
+    },
+    {
+        header: "Description",
+        accessorKey: "description",
+    },
+]
+export const include = ["scanner:"]
+
+<GithubIconRender url={classificationsURL}></GithubIconRender>
+
+IPs in this category may raise alerts, but they are not inherently dangerous. These IPs often belong to organizations that perform legitimate activities, such as internet-wide scanning or security research.
+
+IPs belonging to those categories will have the `benign` [reputation](/u/cti_api/taxonomy/cti_object#reputation).
+
+:::note
+
+Blocking these IPs may not be necessary unless their behavior directly impacts your operations.
+
+:::
+
+<TableRender
+    columns={columns}
+    url={classificationsURL}
+    include={include}
+></TableRender>

crowdsec-docs/unversioned/cti_api/taxonomy/classifications.mdx

@@ -4,10 +4,11 @@ title: Classifications
 sidebar_position: 5
 ---
 
-import TableRender from '@site/src/components/tableRender';
-import GithubIconRender from '@site/src/components/githubIconRender';
+import TableRender from "@site/src/components/tableRender"
+import GithubIconRender from "@site/src/components/githubIconRender"
 
-export const classificationsURL = "https://hub-cdn.crowdsec.net/master/taxonomy/classifications.json";
+export const classificationsURL =
+    "https://hub-cdn.crowdsec.net/master/taxonomy/classifications.json"
 export const columns = [
     {
         header: "Name",
@@ -17,9 +18,15 @@ export const columns = [
         header: "Description",
         accessorKey: "description",
     },
-];
+]
+export const exclude = ["scanner:"]
 
 <GithubIconRender url={classificationsURL}></GithubIconRender>
 
+This classification page provides a taxonomy of IP addresses that exhibit potentially suspicious behaviors. These classifications are designed to help you identify and respond to various threat actors and malicious activities.
 
-<TableRender columns={columns} url={classificationsURL}></TableRender>
+<TableRender
+    columns={columns}
+    url={classificationsURL}
+    exclude={exclude}
+></TableRender>

crowdsec-docs/unversioned/cti_api/taxonomy/cti_fields.md

@@ -1,6 +1,6 @@
 ---
 id: cti_object
-title: CTI Format
+title: Format
 sidebar_position: 2
 ---
 

crowdsec-docs/unversioned/cti_api/taxonomy/false_positives.mdx

@@ -1,6 +1,6 @@
 ---
 id: false_positives
-title: False Positives
+title: Safe Classifications
 sidebar_position: 7
 ---
 
@@ -22,11 +22,21 @@ export const columns = [
 
 <GithubIconRender url={fpURL}></GithubIconRender>
 
+IPs in this category are considered completely safe and trusted. Alerts triggered by these IPs are likely due to misconfiguration or overly sensitive alerting rules.
+
+IPs belonging to those categories will have the `safe` [reputation](/u/cti_api/taxonomy/cti_object#reputation).
+
+:::warning
+
+You might want to investigate any alerts associated with these IPs to ensure your configuration is correct.
+
+:::
+
 <TableRender columns={columns} url={fpURL}></TableRender>
 
-## How to Get Tagged as a False Positive
+## How to Get Tagged as Safe
 
-To be able to be classified as a false positive, you need a proper technical justification of why your IP might be misclassified as a threat. This part is to be reviewed and validated by crowdsec.
+To be able to be classified as a safe IP, you need a proper technical justification of why your IP might be misclassified as a threat. This part is to be reviewed and validated by crowdsec.
 
 You also need public documentation stating the IP, ranges, and/or reverse DNS associated with the assets in question. This data must be machine-readable (no HTML, no PDF, etc.).
 

crowdsec-docs/unversioned/cti_api/taxonomy/scores.md

@@ -1,6 +1,6 @@
 ---
 id: scores
-title: CTI Scores
+title: Scores
 sidebar_position: 3
 ---