From 550db53a23eee9410f35f64222a2b84663fa81c5 Mon Sep 17 00:00:00 2001 From: Antony Guinard Date: Mon, 21 Oct 2024 13:33:47 +0100 Subject: [PATCH 1/2] [RS-2108] Clarify DPI alerts are in alerts page --- calico-cloud/threat/deeppacketinspection.mdx | 6 +++--- .../version-20-1/threat/deeppacketinspection.mdx | 6 +++--- calico-enterprise/threat/deeppacketinspection.mdx | 4 ++-- .../version-3.19-2/threat/deeppacketinspection.mdx | 6 +++--- .../version-3.20-1/threat/deeppacketinspection.mdx | 6 +++--- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/calico-cloud/threat/deeppacketinspection.mdx b/calico-cloud/threat/deeppacketinspection.mdx index a7e22338ab..f1dbc5119e 100644 --- a/calico-cloud/threat/deeppacketinspection.mdx +++ b/calico-cloud/threat/deeppacketinspection.mdx 
@@ -13,12 +13,12 @@ Configure deep packet inspection (DPI) in clusters to get alerts on compromised Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). -You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI. +You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the alerts dashboard in Manager UI. ## Concepts For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. -Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager. +Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager. {{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets. It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html). @@ -104,7 +104,7 @@ spec: ### Access alerts -The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page. +The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page. ### Verify deep packet inspection is running 
diff --git a/calico-cloud_versioned_docs/version-20-1/threat/deeppacketinspection.mdx b/calico-cloud_versioned_docs/version-20-1/threat/deeppacketinspection.mdx index 67e75e04d2..dabd2f6a06 100644 --- a/calico-cloud_versioned_docs/version-20-1/threat/deeppacketinspection.mdx +++ b/calico-cloud_versioned_docs/version-20-1/threat/deeppacketinspection.mdx 
@@ -10,11 +10,11 @@ Configure Deep Packet Inspection (DPI) in clusters to get alerts on compromised ## Value -Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI. +Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI. ## Concepts -For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager. +For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager. 
{{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets. It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html). @@ -99,7 +99,7 @@ spec: ### Access alerts -The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page. +The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page. ### Verify deep packet inspection is running diff --git a/calico-enterprise/threat/deeppacketinspection.mdx b/calico-enterprise/threat/deeppacketinspection.mdx index a7e22338ab..3a96fb758e 100644 --- a/calico-enterprise/threat/deeppacketinspection.mdx +++ b/calico-enterprise/threat/deeppacketinspection.mdx @@ -13,7 +13,7 @@ Configure deep packet inspection (DPI) in clusters to get alerts on compromised Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). -You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI. +You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI. ## Concepts @@ -104,7 +104,7 @@ spec: ### Access alerts -The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page. +The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page. ### Verify deep packet inspection is running 
diff --git a/calico-enterprise_versioned_docs/version-3.19-2/threat/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.19-2/threat/deeppacketinspection.mdx index 67e75e04d2..dabd2f6a06 100644 --- a/calico-enterprise_versioned_docs/version-3.19-2/threat/deeppacketinspection.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-2/threat/deeppacketinspection.mdx 
@@ -10,11 +10,11 @@ Configure Deep Packet Inspection (DPI) in clusters to get alerts on compromised ## Value -Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI. +Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI. ## Concepts -For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager. +For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager. 
{{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets. It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html). @@ -99,7 +99,7 @@ spec: ### Access alerts -The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page. +The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page. ### Verify deep packet inspection is running diff --git a/calico-enterprise_versioned_docs/version-3.20-1/threat/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.20-1/threat/deeppacketinspection.mdx index 67e75e04d2..dabd2f6a06 100644 --- a/calico-enterprise_versioned_docs/version-3.20-1/threat/deeppacketinspection.mdx +++ b/calico-enterprise_versioned_docs/version-3.20-1/threat/deeppacketinspection.mdx 
@@ -10,11 +10,11 @@ Configure Deep Packet Inspection (DPI) in clusters to get alerts on compromised ## Value -Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI. +Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI. ## Concepts -For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager. +For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager. 
{{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets. It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html). @@ -99,7 +99,7 @@ spec: ### Access alerts -The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page. +The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page. ### Verify deep packet inspection is running From f97a67009880269fbd78238d4fdc07cfe4112320 Mon Sep 17 00:00:00 2001 From: Antony Guinard Date: Mon, 21 Oct 2024 13:38:47 +0100 Subject: [PATCH 2/2] Capital A --- calico-cloud/threat/deeppacketinspection.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/calico-cloud/threat/deeppacketinspection.mdx b/calico-cloud/threat/deeppacketinspection.mdx index f1dbc5119e..38ab85cd70 100644 --- a/calico-cloud/threat/deeppacketinspection.mdx +++ b/calico-cloud/threat/deeppacketinspection.mdx @@ -13,7 +13,7 @@ Configure deep packet inspection (DPI) in clusters to get alerts on compromised Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). -You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the alerts dashboard in Manager UI. +You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI. ## Concepts
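Review bot: calico-enterprise/threat/deeppacketinspection.mdx still sends readers to the Security Events page in its Concepts section. Its first hunk (@@ -13,7 +13,7 @@) changes only the Value sentence and stops at the "## Concepts" heading. The calico-cloud copy starts from the same blob a7e22338ab and also rewrites "Whenever malicious activities are suspected, an alert is automatically added to the Security Events page". The diffstat agrees: 4 changed lines for this file against 6 for each of the others. Apply the same Concepts change here so that one page does not name two different locations for DPI alerts.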
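Review bot: the "### Access alerts" hunk in all five files drops the bold on the page name, so "in the **Security Events** page" becomes "in the Alerts page". The old line marked the UI element in bold; keep that convention and write "in the **Alerts** page" so the page name still stands out as something to click.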
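Review bot: in calico-cloud/threat/deeppacketinspection.mdx the Value sentence (@@ -13,12 +13,12 @@ in 1/2) is added as "alerts dashboard" in lowercase while the other four files get "Alerts dashboard", and 2/2 exists only to correct that capital. Squash 2/2 into 1/2 so the history has no intermediate state with inconsistent wording. Separately, the Value sentence says "Alerts dashboard" while the Concepts and Access alerts lines say "Alerts page"; since the subject line says the alerts are in the alerts page, use one name for that location throughout.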