[RS-2108] Clarify DPI alerts are in alerts page #1728

Merged
merged 2 commits into from
Oct 21, 2024
6 changes: 3 additions & 3 deletions calico-cloud/threat/deeppacketinspection.mdx
@@ -13,12 +13,12 @@ Configure deep packet inspection (DPI) in clusters to get alerts on compromised
Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats.
Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives.
{{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads).
You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI.
You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI.

## Concepts

For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules.
Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager.
Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager.

{{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets.
It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html).
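Review bot: the two changed sentences in this hunk still name the destination differently: the "Value" paragraph now says "Alerts dashboard in Manager UI" while the "Concepts" paragraph says "Alerts page in the {{prodname}} Manager", and the PR title itself says "alerts page". Pick one term (the "Access alerts" hunk further down uses "Alerts page") and use it in both places, e.g. "alerts are generated in the Alerts page in Manager UI."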
@@ -104,7 +104,7 @@ spec:

### Access alerts

The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page.
The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page.

### Verify deep packet inspection is running
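Review bot: the replacement line drops the bold the original used to mark the page name as a UI element: `**Security Events**` became plain `Alerts`. Suggest `**Alerts**` so the rendered "Access alerts" sentence still highlights where to click.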

@@ -10,11 +10,11 @@ Configure Deep Packet Inspection (DPI) in clusters to get alerts on compromised

## Value

Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI.
Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI.

## Concepts

For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager.
For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager.

{{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets. It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html).
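Review bot: same wording split as in the first file: the "Value" paragraph in this hunk now reads "Alerts dashboard in Manager UI" while the "Concepts" paragraph reads "Alerts page in the {{prodname}} Manager"; use one term in both. While here, the unchanged context line links the man page as "AF_Packet" although the same sentence spells it AF_PACKET; the socket family and the packet(7) man page both use the upper-case form.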

@@ -99,7 +99,7 @@ spec:

### Access alerts

The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page.
The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page.

### Verify deep packet inspection is running
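Review bot: as in the first file, `**Security Events**` was replaced by unbolded `Alerts`; keep the bold on the page name (`**Alerts**`) so this line matches the original's treatment of UI labels.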

4 changes: 2 additions & 2 deletions calico-enterprise/threat/deeppacketinspection.mdx
@@ -13,7 +13,7 @@ Configure deep packet inspection (DPI) in clusters to get alerts on compromised
Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats.
Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives.
{{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads).
You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI.
You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI.

## Concepts
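Review bot: this hunk changes only the "Value" paragraph, which now says "Alerts dashboard in Manager UI", while the "Access alerts" hunk in the same file says "Alerts page". Make the two agree (the title of this PR suggests "Alerts page") before merging.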

@@ -104,7 +104,7 @@ spec:

### Access alerts

The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page.
The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page.

### Verify deep packet inspection is running
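Review bot: the bold on the page name is lost here too (`**Security Events**` to plain `Alerts`); use `**Alerts**` to keep the UI element styled as before.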

@@ -10,11 +10,11 @@ Configure Deep Packet Inspection (DPI) in clusters to get alerts on compromised

## Value

Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI.
Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI.

## Concepts

For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager.
For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager.

{{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets. It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html).
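Review bot: "Alerts dashboard" in the "Value" paragraph versus "Alerts page" in the "Concepts" paragraph of this hunk; settle on one term so the versioned copy reads the same as the current docs once both are fixed.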

@@ -99,7 +99,7 @@ spec:

### Access alerts

The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page.
The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page.

### Verify deep packet inspection is running
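Review bot: `**Security Events**` became unbolded `Alerts` in this copy as well; apply the same `**Alerts**` fix here.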

@@ -10,11 +10,11 @@ Configure Deep Packet Inspection (DPI) in clusters to get alerts on compromised

## Value

Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Security Events dashboard in Manager UI.
Security teams need to run DPI quickly in response to unusual network traffic in clusters so they can identify potential threats. Also, it is critical to run DPI on select workloads (not all) to efficiently make use of cluster resources and minimize the impact of false positives. {{prodname}} provides an easy way to perform DPI using [Snort community rules](https://www.snort.org/downloads/#rule-downloads). You can disable DPI at any time, selectively configure for namespaces and endpoints, and alerts are generated in the Alerts dashboard in Manager UI.

## Concepts

For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Security Events page in the {{prodname}} Manager.
For each deep packet inspection resource (DeepPacketInspection), {{prodname}} creates a live network monitor that inspects the header and payload information of packets that match the Snort community rules. Whenever malicious activities are suspected, an alert is automatically added to the Alerts page in the {{prodname}} Manager.

{{prodname}} DPI uses AF_PACKET, a Linux socket that allows an application to receive and send raw packets. It is commonly used for troubleshooting (like tcpdump and Wireshark), but also for network intrusion detection. For details, see [AF_Packet](https://man7.org/linux/man-pages/man7/packet.7.html).
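Review bot: this hunk has the same "Alerts dashboard" / "Alerts page" mismatch between its "Value" and "Concepts" paragraphs; use one term in both sentences.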

@@ -99,7 +99,7 @@ spec:

### Access alerts

The alerts generated by deep packet inspection are available in the Manager UI in the **Security Events** page.
The alerts generated by deep packet inspection are available in the Manager UI in the Alerts page.

### Verify deep packet inspection is running
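Review bot: the bold is dropped from the page name in this copy too; `**Alerts**` would keep the "Access alerts" sentence consistent with the original's styling.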
