feat(cti): 📝 CTI doc - Introduction (#674)

ziracmo · web-flow · commit 982e4ba21ac2 · 2024-11-25T09:25:31.000+01:00
The first page of the CTI documentation. This page will inform the user about the CTI, what it is, and its benefits. ![image](https://github.com/user-attachments/assets/bd475f86-0e37-4f9f-9976-eea4d7d00420) ![image](https://github.com/user-attachments/assets/ff88cfa9-9867-4d7c-90b8-18786fa5c2ca) ![Capture d’écran 2024-11-18 à 15 04 09](https://github.com/user-attachments/assets/3e865337-6dff-4ecb-98ed-66cf09c5540f) The pages are coming in following PRs: - Advanced filtering with facet - IP Details page
diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js
@@ -132,7 +132,7 @@ module.exports = {
         {
             label: "Blocklists",
             type: "doc",
-            id: "blocklists/intro"
+            id: "blocklists/intro",
         },
         {
             type: "category",
@@ -174,6 +174,17 @@ module.exports = {
                 },
             ],
         },
+        {
+            type: "category",
+            label: "CTI",
+            items: [
+                {
+                    type: "doc",
+                    label: "Introduction",
+                    id: "console/cti/intro",
+                },
+            ],
+        },
         {
             type: "category",
             label: "Decision",
@@ -186,11 +197,11 @@ module.exports = {
         {
             type: "category",
             label: "Enterprise support",
-            link:{
+            link: {
                 type: "doc",
                 id: "console/enterprise_support",
             },
-            items: []
+            items: [],
         },
         {
             type: "link",
@@ -346,8 +357,8 @@ module.exports = {
                 "integrations/sophos",
                 "integrations/genericfirewall",
                 "integrations/remediationcomponent",
-            ]
-        }
+            ],
+        },
     ],
     troubleshootingSideBar: [
         {
@@ -375,7 +386,7 @@ module.exports = {
         {
             type: "doc",
             id: "service_api/getting_started",
-            label: "Getting Started"
+            label: "Getting Started",
         },
         {
             type: "category",
@@ -384,8 +395,7 @@ module.exports = {
                 "service_api/quickstart/authentication",
                 "service_api/quickstart/blocklists",
                 "service_api/quickstart/integrations",
-            ]
-
+            ],
         },
         {
             type: "category",
@@ -394,24 +404,24 @@ module.exports = {
                 {
                     type: "doc",
                     label: "Python",
-                    id: "service_api/sdks/python"
-                }
-            ]
+                    id: "service_api/sdks/python",
+                },
+            ],
         },
         {
             type: "link",
             label: "Swagger",
-            href: "https://admin.api.crowdsec.net/v1/docs#/"
+            href: "https://admin.api.crowdsec.net/v1/docs#/",
         },
         {
             type: "link",
             label: "Redoc",
-            href: "https://admin.api.crowdsec.net/v1/redoc"
+            href: "https://admin.api.crowdsec.net/v1/redoc",
         },
         {
             type: "doc",
             id: "service_api/faq",
-            label: "FAQ"
+            label: "FAQ",
         },
     ],
     guidesSideBar: [
diff --git a/crowdsec-docs/static/img/console/cti/home.jpeg b/crowdsec-docs/static/img/console/cti/home.jpeg
diff --git a/crowdsec-docs/unversioned/console/cti/intro.md b/crowdsec-docs/unversioned/console/cti/intro.md
@@ -0,0 +1,62 @@
+---
+title: Introduction
+description: Introduction to the Alerts section of the CrowdSec Console
+---
+
+**CrowdSec’s Cyber Threat Intelligence (CTI)** is a cutting-edge platform that enhances your cybersecurity defenses through community-driven insights and advanced threat intelligence. This introduction provides an overview of CTI’s purpose, benefits, competitive advantages and including a search page with filters and IP detail pages.
+
+Investigate your first IP [there](https://app.crowdsec.net/cti).
+
+![Alerts](/img/console/cti/home.jpeg)
+
+# What Is Cyber Threat Intelligence (CTI)?
+
+CrowdSec’s Cyber Threat Intelligence (CTI) platform empowers organizations with real-time, actionable data on suspicious or malicious IP addresses. By leveraging community-shared threat signals and enriching them with advanced analytics, CTI offers a robust framework for identifying and mitigating risks before they impact your infrastructure.
+
+CTI serves as your go-to resource for proactive defense, offering an intuitive interface, powerful search capabilities, and detailed insights into potentially harmful IPs and their activities.
+
+# What Are the Benefits of CTI?
+
+**1. Real-Time Threat Awareness**
+
+CTI keeps you informed of the latest cybersecurity threats. By analyzing and enriching data from a global community, it provides up-to-the-minute intelligence on suspicious activities, enabling swift and informed decision-making.
+
+**2. Comprehensive IP Insights**
+
+Every IP address in CTI comes with a detailed profile:
+
+-   Risk scores and threat levels
+-   Associated threat types (e.g., brute force, spam, port scanning)
+-   Geolocation data
+-   Historical activity logs
+
+This wealth of information equips you with everything needed to understand the potential risks associated with an IP.
+
+**3. Community-Powered Defense**
+
+CrowdSec stands apart with its community-based approach. By pooling insights from thousands of users worldwide, CTI benefits from a vast, ever-growing database of validated threat intelligence.
+
+**4. Search and Discovery Tools**
+
+With CTI’s advanced search and filtering capabilities, finding relevant information about IPs has never been easier. Whether you’re investigating a specific IP or searching for trends, CTI provides an intuitive and streamlined experience.
+
+**5. Integration-Friendly**
+
+CTI integrates seamlessly into your existing CrowdSec setup, making it an invaluable part of your defense strategy without requiring additional complexity. Use the [Free CrowdSec CTI API](https://app.crowdsec.net/settings/cti-api-keys) to access threat data programmatically and enhance your security operations.
+
+# What to Expect Next
+
+In this documentation, you’ll discover:
+
+### IP Details Pages
+
+Dive deep into individual IP profiles to uncover:
+
+-   Risk assessment scores
+-   Threat patterns
+-   Timeline of malicious activity
+-   Geographical distribution of attacks
+
+### Faceted Research for Analysts
+
+Understand how CTI enables analysts to uncover trends, identify repeat offenders, and map out potential attack vectors using advanced research tools. [(You can check this example)](<https://app.crowdsec.net/cti?q=classifications.classifications.name:%22crowdsec:ai_vpn_proxy%22+AND+(reputation:malicious+OR+reputation:suspicious)&page=1>)
