Merge branch 'main' into se_intro_schema_update

Author: buixor

crowdsec-docs/docs/contributing/test_environment.md

@@ -4,6 +4,12 @@ title: Creating a test environment
 sidebar_position: 10
 ---
 
+:::warning
+The following documentation is written for use on Linux systems. If you are using a different operating system, please adjust the commands accordingly if we have prebuilt binaries for your system.
+
+**However, please note we do not compile for MacOS so you will need to compile from source.**
+::: 
+
 You need a test environment for several reasons:
 
 - Creation of new parsers or scenarios
@@ -13,7 +19,7 @@ You need a test environment for several reasons:
 This can be done directly with the tarball of the release :
 
 ```bash
-VER=1.4.6 # Please check https://github.com/crowdsecurity/crowdsec/releases/latest for latest version
+VER=1.6.3 # Please check https://github.com/crowdsecurity/crowdsec/releases/latest for latest version
 wget https://github.com/crowdsecurity/crowdsec/releases/download/v$VER/crowdsec-release.tgz
 tar xvzf crowdsec-release.tgz
 cd crowdsec-v$VER

crowdsec-docs/docs/whitelist/expr_based_whitelist.md

@@ -8,7 +8,7 @@ Let's whitelist a **specific** user-agent (of course, it's just an example, don'
 Since we are using data that is present from the parsing stage we can do this within `Parsing Whitelist` level. Please see [introduction](/whitelist/introduction.md) for your OS specific paths.
 
 ```yaml
-name: crowdsecurity/whitelists
+name: "my/whitelist" ## Must be unique
 description: "Whitelist events from private ipv4 addresses"
 whitelist:
   reason: "private ipv4 ranges"
@@ -116,7 +116,7 @@ line: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/
 	|		├ create evt.Parsed.static_ressource : false
 	|		├ create evt.Parsed.file_dir : /.well-known/acme-challenge/
 	|		├ create evt.Meta.http_args_len : 0
-	|	└ 🟢 crowdsecurity/whitelists (unchanged)
+	|	└ 🟢 my/whitelist (unchanged)
 	├-------- parser success 🟢
 	├ Scenarios
 		├ 🟢 crowdsecurity/http-crawl-non_statics

crowdsec-docs/docs/whitelist/format.md

@@ -7,7 +7,7 @@ sidebar_position: 2
 ## Whitelist configuration example
 
 ```yaml
-name: crowdsecurity/my-whitelists
+name: "my/whitelist" ## Must be unique
 description: "Whitelist events from my ipv4 addresses"
 #it's a normal parser, so we can restrict its scope with filter
 filter: "1 == 1"

crowdsec-docs/docs/whitelist/fqdn_based_whitelist.md

@@ -14,7 +14,7 @@ You might want to whitelist a fully qualified domain name (FQDN eg foo.com), in
 Let's create the following file `FQDN-whitelists.yaml` (See [introduction](/whitelist/introduction.md) for your OS specific path) :
 
 ```yaml
-name: me/FQDN-whitlists
+name: "my/FQDN-whitlists" ## Must be unique
 description: "Whitelist postoverflows from FQDN"
 whitelist:
   reason: "do whitelistings by FQDN"

crowdsec-docs/docs/whitelist/ip_based_whitelist.md

@@ -8,7 +8,7 @@ IP whitelists are best suited at `Parser whitelists` level because once the log
 We will create the file `mywhitelist.yaml` please see [introduction](/whitelist/introduction.md) for your OS specific paths.
 
 ```yaml
-name: crowdsecurity/whitelists
+name: "my/whitelist" ## Must be unique
 description: "Whitelist events from my ip addresses"
 whitelist:
   reason: "my ip ranges"

crowdsec-docs/docs/whitelist/postoverflow_based_whitelist.md

@@ -24,7 +24,7 @@ First of all, install the [crowdsecurity/rdns postoverflow](https://hub.crowdsec
 Let's create `mywhitelist.yaml` again but remember this is a postoverflow whitelist so the paths will be different to `Parsing whitelists` please see [introduction](/whitelist/introduction.md) for your OS specific path.
 
 ```yaml
-name: me/my_cool_whitelist
+name: "my/po_whitelist" ## Must be unique
 description: lets whitelist our own reverse dns
 whitelist:
     reason: dont ban my ISP

crowdsec-docs/unversioned/beta_program.mdx

@@ -22,18 +22,35 @@ To join the CrowdSec Beta program, click the [Beta opt-in option directly in the
 
 ### CrowdSec Threat Forecast Blocklist - Beta starts 2024-10-25 
 
-#### What is it ?
+#### What is it and what to expect?
 
-The Threat Forecast Blocklist is a dynamic, adaptive blocklist customized to your organization's signals. By identifying attacks on similar profiles, it predicts threats that will likely target your organization in the coming days. 
+The **Threat Forecast Blocklist** is a dynamic, adaptive blocklist customized to your organization's signals.  
+By identifying attacks on similar profiles, it predicts threats that will likely target your organization in the coming days.  
+It will update every 24 hours, and the signals of all your Security Engines will be considered to build the prediction.  
 
-The Threat Forecast Blocklist will update every 24 hours, and the signals of all your Security Engines will be considered to build the prediction.
+It's tailored to your organization; hence, we expect that it should allow preemptive remediation, resulting in a **drop in the number of alerts**.   
+Optionally, if you have an iptables of nftables remediation component, you'll be able to see some [metrics about this blocklist's efficiency](https://docs.crowdsec.net/docs/next/observability/usage_metrics)
 
-#### Who will have access to it ?
+#### Who will have access to it?
 
-If you have at least one enrolled security engine with an average of more than 100 alerts a week (total on your organization) you have a chance to be invited.  
-You'll receive an email on Friday October the 25th 2024.
+If you have at least one enrolled security engine with an average of more than 100 alerts a week (total for your organization) you have a chance to be invited.  
+You'll receive an email on Friday, October the 25th, 2024.
 
-**Important note**: You will have 15 days to start using the Threat Forecast Blocklist and 30 days total starting today to test it out. If you do not use it within 15 days, your access will be reallocated to someone else.
+**Important note**: You will have 15 days to start using the Threat Forecast Blocklist and 30 days in total starting today to test it out. If you do not use it within 15 days, your access will be reallocated to someone else.
+
+#### How to subscribe to this blocklist
+
+- Log into your console account
+- Go to the blocklist catalog and search "forecast": https://app.crowdsec.net/blocklists?page=1&q=forecast
+  - If you're part of the this beta, you should see the **Threat Forecast Blocklist**
+  - Click on it
+- You should have landed in the details page for this blocklist
+- Click on subscribe to open the subscription popup and follow its instructions to subscribe to the blocklist. 
+  - We recommend subscribing your organization to the list as this will make sure that newly added security engines automatically benefit from the blocklist as well. 
+  -- If you want to have more finegrained controll, you can also select only specific engines to subscribe to the list.
+- Click confirm subscription
+
+Note that you must have a [remediation component](https://doc.crowdsec.net/u/bouncers/intro) on those engines to effectively block the IPs.
 
 ## Your feedback is key
 

crowdsec-docs/versioned_docs/version-v1.3.4/whitelist/create.md

@@ -43,7 +43,7 @@ sudo cscli decisions list
 Let's create a `/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml` file with the following content :
 
 ```yaml
-name: crowdsecurity/whitelists
+name: my/whitelist
 description: "Whitelist events from my ip addresses"
 whitelist:
   reason: "my ip ranges"
@@ -85,7 +85,7 @@ Now, let's make something more tricky : let's whitelist a **specific** user-agen
 Let's change our whitelist to :
 
 ```yaml
-name: crowdsecurity/whitelists
+name: my/whitelist
 description: "Whitelist events from private ipv4 addresses"
 whitelist:
   reason: "private ipv4 ranges"

crowdsec-docs/versioned_docs/version-v1.4.0/whitelist/create.md

@@ -43,7 +43,7 @@ sudo cscli decisions list
 Let's create a `/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml` file with the following content :
 
 ```yaml
-name: crowdsecurity/whitelists
+name: my/whitelist
 description: "Whitelist events from my ip addresses"
 whitelist:
   reason: "my ip ranges"
@@ -85,7 +85,7 @@ Now, let's make something more tricky : let's whitelist a **specific** user-agen
 Let's change our whitelist to :
 
 ```yaml
-name: crowdsecurity/whitelists
+name: my/whitelist
 description: "Whitelist events from private ipv4 addresses"
 whitelist:
   reason: "private ipv4 ranges"

crowdsec-docs/versioned_docs/version-v1.5.0/whitelist/create.md

@@ -43,7 +43,7 @@ sudo cscli decisions list
 Let's create a `/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml` file with the following content :
 
 ```yaml
-name: crowdsecurity/whitelists
+name: my/whitelist
 description: "Whitelist events from my ip addresses"
 whitelist:
   reason: "my ip ranges"
@@ -85,7 +85,7 @@ Now, let's make something more tricky : let's whitelist a **specific** user-agen
 Let's change our whitelist to :
 
 ```yaml
-name: crowdsecurity/whitelists
+name: my/whitelist
 description: "Whitelist events from private ipv4 addresses"
 whitelist:
   reason: "private ipv4 ranges"