diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/LJ6QHRV.png b/public/docs-static/img/how-to-guides/auto-offboard-users/LJ6QHRV.png
new file mode 100644
index 0000000..defcd1d
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/LJ6QHRV.png differ
diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/MQ2yh6B.png b/public/docs-static/img/how-to-guides/auto-offboard-users/MQ2yh6B.png
new file mode 100644
index 0000000..dc0cb09
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/MQ2yh6B.png differ
diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/NKabmN6.png b/public/docs-static/img/how-to-guides/auto-offboard-users/NKabmN6.png
new file mode 100644
index 0000000..5239f46
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/NKabmN6.png differ
diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/TJWLvXL.png b/public/docs-static/img/how-to-guides/auto-offboard-users/TJWLvXL.png
new file mode 100644
index 0000000..202b75e
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/TJWLvXL.png differ
diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/TOZjFKC.png b/public/docs-static/img/how-to-guides/auto-offboard-users/TOZjFKC.png
new file mode 100644
index 0000000..bc45301
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/TOZjFKC.png differ
diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/activity-monitoring.png b/public/docs-static/img/how-to-guides/auto-offboard-users/activity-monitoring.png
new file mode 100644
index 0000000..af65662
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/activity-monitoring.png differ
diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/ogiiUeT.png b/public/docs-static/img/how-to-guides/auto-offboard-users/ogiiUeT.png
new file mode 100644
index 0000000..c8a68d0
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/ogiiUeT.png differ
diff --git a/public/docs-static/img/how-to-guides/auto-offboard-users/sATMbbP.png b/public/docs-static/img/how-to-guides/auto-offboard-users/sATMbbP.png
new file mode 100644
index 0000000..55d13f7
Binary files /dev/null and b/public/docs-static/img/how-to-guides/auto-offboard-users/sATMbbP.png differ
diff --git a/public/docs-static/img/how-to-guides/endpoint-detection-and-response/edr-integrations.png b/public/docs-static/img/how-to-guides/endpoint-detection-and-response/edr-integrations.png
new file mode 100644
index 0000000..ded79f8
Binary files /dev/null and b/public/docs-static/img/how-to-guides/endpoint-detection-and-response/edr-integrations.png differ
diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx
index 5a06bc3..8dc445f 100644
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -45,9 +45,9 @@ export const docsNavigation = [
title: 'Peers',
isOpen: false,
links: [
- { title: 'Add peers to your network', href: '/how-to/add-machines-to-your-network' },
- { title: 'Approve peers', href: '/how-to/approve-peers' },
- { title: 'Setup keys', href: '/how-to/register-machines-using-setup-keys' },
+ { title: 'Add Peers', href: '/how-to/add-machines-to-your-network' },
+ { title: 'Approve Peers', href: '/how-to/approve-peers' },
+ { title: 'Setup Keys', href: '/how-to/register-machines-using-setup-keys' },
]
},
{
@@ -56,6 +56,15 @@ export const docsNavigation = [
links: [
{ title: 'Groups & Policies', href: '/how-to/manage-network-access' },
{ title: 'Posture Checks', href: '/how-to/manage-posture-checks' },
+ {
+ title: 'Integrate EDR',
+ href: '/how-to/endpoint-detection-and-response',
+ isOpen: false,
+ links: [
+ { title: 'CrowdStrike Falcon', href: '/how-to/crowdstrike-edr' },
+ ]
+ },
+
]
},
{
@@ -89,6 +98,11 @@ export const docsNavigation = [
{ title: 'Google Workspace', href: '/how-to/google-workspace-sync'},
]
},
+ {
+ title: 'Auto-Offboard Users',
+ href: '/how-to/auto-offboard-users',
+ isOpen: false,
+ },
]
},
{
@@ -122,7 +136,6 @@ export const docsNavigation = [
isOpen: false,
links: [
{title: 'Enable post quantum cryptography', href: '/how-to/enable-post-quantum-cryptography' },
- {title: 'Endpoint detection and response (EDR)', href: '/how-to/endpoint-detection-and-response' },
]
},
diff --git a/src/pages/how-to/auto-offboard-users.mdx b/src/pages/how-to/auto-offboard-users.mdx
new file mode 100644
index 0000000..50eb4fa
--- /dev/null
+++ b/src/pages/how-to/auto-offboard-users.mdx
@@ -0,0 +1,50 @@
+# Automatically Offboard Team Members from NetBird
+
+[NetBird's IdP-Sync integration](https://docs.netbird.io/how-to/idp-sync) simplifies offboarding team members, enhancing
+security and efficiency. With this integration, you can automatically revoke access when users leave the company, when
+temporary access for a freelancer ends after project completion, or when a seasonal employee's contract concludes.
+Likewise, you can use this integration to restrict access to specific resources or environments when a project finishes.
+For instance, you can limit network and resource access when a team member is removed from a group or when an entire group
+is deleted from your Identity Provider.
+
+## Removing Team Members
+
+In this tutorial, we will focus on `user_01`, `user_02`, and `user_03`. From NetBird's `Users` dashboard, you can see
+that `user_01` is part of the `IT Administrators` group, while `user_02` and `user_03` belong to the `Staging` group.
+
+
+
+To get started, access your Identity Provider (IdP) dashboard. For this example, we’ll use [Microsoft Entra ID (Azure AD)](https://docs.netbird.io/how-to/microsoft-entra-id-sync).
+
+Next, locate the user you want to offboard in your IdP's user management section. Let’s say you want to revoke access to
+`user_01`, in that case, you will need to select it and click the `Delete` button as shown below.
+
+
+
+After deletion, click the `Refresh` button to confirm that the user is no longer active.
+
+
+
+Wait for the NetBird integration to complete its next synchronization cycle, which usually takes 300 seconds. Alternatively, go to the `Integrations` screen in the NetBird admin console and click the corresponding integration button to manually trigger the synchronization.
+
+
+
+Now, go to NetBird's `Users` dashboard to verify that the user is no longer listed.
+
+
+
+## Revoking Group Access
+
+Imagine a scenario where you have an access policy that grants all members of the `Staging` group access to resources in the `Servers` group.
+
+
+
+Let's say the current project is finished, and you no longer want members of the `Staging` group to have access to the
+`Servers` group. One way to do this is to remove the `Staging` group from your IdP.
+
+
+
+Once the changes synchronize in NetBird, users and their group memberships will be updated; therefore,
+[network access associated with that group](https://docs.netbird.io/how-to/manage-network-access) will automatically be revoked.
+
+
\ No newline at end of file
diff --git a/src/pages/how-to/crowdstrike-edr.mdx b/src/pages/how-to/crowdstrike-edr.mdx
new file mode 100644
index 0000000..ecf0330
--- /dev/null
+++ b/src/pages/how-to/crowdstrike-edr.mdx
@@ -0,0 +1,88 @@
+# Restrict Network Access with CrowdStrike Falcon®
+
+[CrowdStrike Falcon](https://www.crowdstrike.com/platform/) is a cloud-based endpoint protection platform that provides
+comprehensive visibility and threat detection capabilities. CrowdStrike Falcon agent runs on your devices (endpoints),
+collects, and analyzes endpoint data to detect and respond to threats in real-time. The agent's presence on endpoints and data
+it collects can be utilized to enforce access policies and limit network access according to the "health" status of the
+endpoints.
+
+The integration of NetBird with CrowdStrike Falcon provides organizations with network security controls that allow
+only IT-managed devices running CrowdStrike to access the network. Additionally, the integration uses [CrowdStrike's Zero Trust Assessment (ZTA) score](https://www.crowdstrike.com/press-releases/crowdstrike-extends-zero-trust-to-endpoint-devices/),
+enabling administrators to further limit network access based on the security posture of each device.
+
+CrowdStrike's Zero Trust Assessment (ZTA) score is a numerical representation of the security posture of a device with
+a value ranging from 0 to 100. The score is calculated based on various factors, including the device's security configuration,
+software vulnerabilities, and CrowdStrike's threat intelligence data. By integrating with CrowdStrike Falcon,
+NetBird can ensure that only devices with a high security posture can access the network.
+
+In this guide, we will walk you through the configuration steps to integrate CrowdStrike Falcon with NetBird and use ZTA score
+to allow network access to devices that meet a specified ZTA threshold.
+
+## Prerequisites
+
+Before you start creating and configuring a CrowdStrike integration, ensure that you have the following:
+- A CrowdStrike account with the permissions to create and manage API keys.
+ If you don't have the required permissions, ask your CrowdStrike administrator to grant them to you.
+
+## Create a CrowdStrike API Key
+
+- Navigate to the [API clients and keys](https://falcon.eu-1.crowdstrike.com/api-clients-and-keys/) page
+- Click `Create API client` at the top, right corner
+- Set Hosts - Read permission
+- Set Zero Trust Assessment - Read permission
+- Click `Create`
+- Copy the credentials. You will need these credentials when configuring an integration in NetBird.
+
+## Configure a CrowdStrike Integration in NetBird
+
+- Navigate to the [Integrations » EDR](https://app.netbird.io/integrations?tab=edr) tab in the NetBird dashboard
+- Click `Connect CrowdStrike` to start the configuration wizard
+
+ 
+
+
+- First, select the region of your CrowdStrike account
+
+ 
+
+ - Then enter the client ID and secret key you created in [Step 1](#step-1-create-a-crowd-strike-api-key) and click `Continue`
+
+ 
+
+- Select groups you want to apply the integration to
+- If you would like to apply a ZTA threshold, then enable the [Zero Trust Assessment Score](https://www.crowdstrike.com/blog/tech-center/securing-private-applications-with-crowdstrike-zero-trust-assessment-and-aws-verified-access/) and set the desired limit, and click `Connect`.
+
+ 
+
+
+
+ The EDR check will apply only to machines in the selected groups and will require a running CrowdStrike agent.
+
+
+ You can also use groups [synchronized from your Identity Provider (IdP)](/how-to/idp-sync).
+
+
+- Peers that have the CrowdStrike agent installed will be granted access to the network. Peers without the agent will appear
+with a `Approval required` mark in the peers list and won't be able to access the network until the agent is installed.
+
+
+ 
+
+
+- Optional. You can experiment and see how the integration works by hiding hosts in the CrowdStrike Host management console:
+ - Navigate to the [Host management](https://falcon.crowdstrike.com/host-management/hosts) page in the CrowdStrike console
+ - Select a host you want to hide
+ - Click `Actions` and then `Hide`
+ - The host will be moved to Trash (you can restore it later)
+ - After about a minute, the peer will be disconnected from the network and marked as `Approval required` in the NetBird dashboard.
+ - To restore the host in CrowdStrike, navigate to the Trash and click `Restore`
+
+
+ NetBird synchronizes the list of devices managed by the EDR platform via the API about every minute.
+ The changes might not be visible immediately.
+
+
+
+ If you install the CrowdStrike agent on a peer after it joined the network, you will need to disconnect and reconnect
+ this peer for the `Approval required` mark to disappear.
+
diff --git a/src/pages/how-to/endpoint-detection-and-response.mdx b/src/pages/how-to/endpoint-detection-and-response.mdx
index de99ea1..3fcf73e 100644
--- a/src/pages/how-to/endpoint-detection-and-response.mdx
+++ b/src/pages/how-to/endpoint-detection-and-response.mdx
@@ -1,4 +1,6 @@
-# Endpoint detection and response (EDR)
+# Endpoint Detection and Response (EDR)
+
+
Endpoint Detection and Response (EDR) is a cybersecurity technology designed to help organizations detect, investigate,
and respond to threats on endpoint devices. An endpoint is any device that is connected to a network, such as laptops,
@@ -12,82 +14,15 @@ NetBird integrates with major EDR platforms to restrict network access only to d
With the integration enabled, NetBird synchronizes the list of devices managed by the EDR platform via the API and
checks the presence of the EDR agent on the device, blocking access to the network if the agent is not installed.
-In addition to the aforementioned features, the system also has the capability to check the Zero Trust Assessment (ZTA) score of the hosts.
-The system can limit network access based on this ZTA score. For instance, if a device has a ZTA score below the set threshold, it may be deemed too risky and thus, denied access to the network.
-
NetBird doesn't apply the EDR checks to all devices in the network. Instead, you can select specific groups of devices for
the checks to apply.
-This document offers instructions and best practices for setting up NetBird with different EDR platforms.
-
This feature is only available in the cloud version of NetBird.
-## CrowdStrike
-
-Before you start creating and configuring a CrowdStrike integration, ensure that you have the following:
-- A CrowdStrike account with the permissions to create and manage API keys. If you don't have the required permissions, ask your CrowdStrike administrator to grant them to you.
-
-### Step 1: Create a CrowdStrike API key
-
-- Navigate to the [API clients and keys](https://falcon.eu-1.crowdstrike.com/api-clients-and-keys/) page
-- Click `Create API client` at the top, right corner
-- Set Hosts - Read permission
-- Set Zero Trust Assessment - Read permission
-- Click `Create`
-- Copy the credentials. You will need these credentials when configuring an integration in NetBird.
+## Supported EDR Platforms
-### Step 2: Configure a CrowdStrike integration in NetBird
+NetBird integrates with the following EDR platforms:
-- Navigate to the [Integrations » EDR](https://app.netbird.io/integrations?tab=edr) tab in the NetBird dashboard
-- Click `Connect CrowdStrike` to start the configuration wizard
-
-
-
-
-- First, select the region of your CrowdStrike account
-
-
-
- - Then enter the client ID and secret key you created in [Step 1](#step-1-create-a-crowd-strike-api-key) and click `Continue`
-
-
-
-- Select groups you want to apply the integration to
-- If you would like to apply a ZTA threshold, then enable the [Zero Trust Assessment Score](https://www.crowdstrike.com/blog/tech-center/securing-private-applications-with-crowdstrike-zero-trust-assessment-and-aws-verified-access/) and set the desired limit, and click `Connect`.
-
-
-
-
-
- The EDR check will apply only to machines in the selected groups and will require a running CrowdStrike agent.
-
-
- You can also use groups [synchronized from your Identity Provider (IdP)](/how-to/idp-sync).
-
-
-- Peers that have the CrowdStrike agent installed will be granted access to the network. Peers without the agent will appear
-with a `Approval required` mark in the peers list and won't be able to access the network until the agent is installed.
-
-
-
-
-
-- Optional. You can experiment and see how the integration works by hiding hosts in the CrowdStrike Host management console:
- - Navigate to the [Host management](https://falcon.crowdstrike.com/host-management/hosts) page in the CrowdStrike console
- - Select a host you want to hide
- - Click `Actions` and then `Hide`
- - The host will be moved to Trash (you can restore it later)
- - After about a minute, the peer will be disconnected from the network and marked as `Approval required` in the NetBird dashboard.
- - To restore the host in CrowdStrike, navigate to the Trash and click `Restore`
-
-
- NetBird synchronizes the list of devices managed by the EDR platform via the API about every minute.
- The changes might not be visible immediately.
-
-
-
- If you install the CrowdStrike agent on a peer after it joined the network, you will need to disconnect and reconnect
- this peer for the `Approval required` mark to disappear.
-
+* [CrowdStrike Falcon](/how-to/crowdstrike-edr)