From 36acad775ec9dc9da21e8622fa520aa974a0a6ca Mon Sep 17 00:00:00 2001
From: Christopher Tauchen
Date: Tue, 12 May 2026 19:20:52 +0100
Subject: [PATCH 1/2] Rewrite threat-defense page descriptions (next trees)
---
 calico-cloud/threat/configuring-webhooks.mdx | 2 +-
 calico-cloud/threat/container-threat-detection.mdx | 2 +-
 calico-cloud/threat/deeppacketinspection.mdx | 2 +-
 calico-cloud/threat/deploying-waf-ingress-gateway.mdx | 2 +-
 calico-cloud/threat/index.mdx | 2 +-
 calico-cloud/threat/security-event-management.mdx | 2 +-
 calico-cloud/threat/suspicious-domains.mdx | 2 +-
 calico-cloud/threat/suspicious-ips.mdx | 2 +-
 calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx | 2 +-
 calico-cloud/threat/web-application-firewall.mdx | 2 +-
 calico-enterprise/threat/configuring-webhooks.mdx | 2 +-
 calico-enterprise/threat/deeppacketinspection.mdx | 2 +-
 calico-enterprise/threat/deploying-waf-ingress-gateway.mdx | 2 +-
 calico-enterprise/threat/index.mdx | 2 +-
 calico-enterprise/threat/security-event-management.mdx | 2 +-
 calico-enterprise/threat/suspicious-domains.mdx | 2 +-
 calico-enterprise/threat/suspicious-ips.mdx | 2 +-
 calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx | 2 +-
 calico-enterprise/threat/web-application-firewall.mdx | 2 +-
 19 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/calico-cloud/threat/configuring-webhooks.mdx b/calico-cloud/threat/configuring-webhooks.mdx
index 0754a384c1..3f0cf16d61 100644
--- a/calico-cloud/threat/configuring-webhooks.mdx
+++ b/calico-cloud/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Cloud webhooks from the web console to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints.
 title: Webhooks for security events
 ---
diff --git a/calico-cloud/threat/container-threat-detection.mdx b/calico-cloud/threat/container-threat-detection.mdx
index 7ce76cd0fb..ce1a17eba0 100644
--- a/calico-cloud/threat/container-threat-detection.mdx
+++ b/calico-cloud/threat/container-threat-detection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Threat detection for containerized workloads.
+description: Detect malware hashes and suspicious container activity such as privilege escalation and command-and-control in Calico Cloud connected clusters with the managed eBPF threat detection engine.
 redirect_from:
 - /threat/malware-detection
 ---
diff --git a/calico-cloud/threat/deeppacketinspection.mdx b/calico-cloud/threat/deeppacketinspection.mdx
index 35afa3f8f2..7a84feb420 100644
--- a/calico-cloud/threat/deeppacketinspection.mdx
+++ b/calico-cloud/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in Calico Cloud connected clusters with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-cloud/threat/deploying-waf-ingress-gateway.mdx b/calico-cloud/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..bf057309cc 100644
--- a/calico-cloud/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-cloud/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Cloud web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-cloud/threat/index.mdx b/calico-cloud/threat/index.mdx
index e5596789bf..8253e5bbfa 100644
--- a/calico-cloud/threat/index.mdx
+++ b/calico-cloud/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, managed threat-intel feed updates, deep packet inspection, and WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-cloud/threat/security-event-management.mdx b/calico-cloud/threat/security-event-management.mdx
index 6099fd7db5..340c96b74a 100644
--- a/calico-cloud/threat/security-event-management.mdx
+++ b/calico-cloud/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from Calico Cloud connected clusters in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-cloud/threat/suspicious-domains.mdx b/calico-cloud/threat/suspicious-domains.mdx
index b51a93e6d1..c10c0f4429 100644
--- a/calico-cloud/threat/suspicious-domains.mdx
+++ b/calico-cloud/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Use managed threat-intelligence feeds in Calico Cloud to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-cloud/threat/suspicious-ips.mdx b/calico-cloud/threat/suspicious-ips.mdx
index 496577d2b7..675da0c5e4 100644
--- a/calico-cloud/threat/suspicious-ips.mdx
+++ b/calico-cloud/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Use managed threat-intelligence feeds in Calico Cloud to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx b/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
index 4d7ae9d16c..2a706a3626 100644
--- a/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in Calico Cloud connected clusters with managed Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard.
 ---
 # Anonymization attacks
diff --git a/calico-cloud/threat/web-application-firewall.mdx b/calico-cloud/threat/web-application-firewall.mdx
index 27565cab50..b92f5e6b5a 100644
--- a/calico-cloud/threat/web-application-firewall.mdx
+++ b/calico-cloud/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Cloud workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
diff --git a/calico-enterprise/threat/configuring-webhooks.mdx b/calico-enterprise/threat/configuring-webhooks.mdx
index 0754a384c1..01b05b33ca 100644
--- a/calico-enterprise/threat/configuring-webhooks.mdx
+++ b/calico-enterprise/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
diff --git a/calico-enterprise/threat/deeppacketinspection.mdx b/calico-enterprise/threat/deeppacketinspection.mdx
index d5cd3cbadf..80cdadb7ab 100644
--- a/calico-enterprise/threat/deeppacketinspection.mdx
+++ b/calico-enterprise/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx b/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..03aaf89acd 100644
--- a/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-enterprise/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-enterprise/threat/index.mdx b/calico-enterprise/threat/index.mdx
index 4663f4c54f..f80d2359f8 100644
--- a/calico-enterprise/threat/index.mdx
+++ b/calico-enterprise/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat-intel feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-enterprise/threat/security-event-management.mdx b/calico-enterprise/threat/security-event-management.mdx
index 698974e734..6bb87f5fab 100644
--- a/calico-enterprise/threat/security-event-management.mdx
+++ b/calico-enterprise/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-enterprise/threat/suspicious-domains.mdx b/calico-enterprise/threat/suspicious-domains.mdx
index dae98728e4..d470b5fd02 100644
--- a/calico-enterprise/threat/suspicious-domains.mdx
+++ b/calico-enterprise/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-enterprise/threat/suspicious-ips.mdx b/calico-enterprise/threat/suspicious-ips.mdx
index 222a9cfa15..baa2071247 100644
--- a/calico-enterprise/threat/suspicious-ips.mdx
+++ b/calico-enterprise/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx b/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx
index cd68bff338..125aabf925 100644
--- a/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-enterprise/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 # Anonymization attacks
diff --git a/calico-enterprise/threat/web-application-firewall.mdx b/calico-enterprise/threat/web-application-firewall.mdx
index 53b471d02b..9a5ce57895 100644
--- a/calico-enterprise/threat/web-application-firewall.mdx
+++ b/calico-enterprise/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
From db07a93c11af7c30202b14bda23449f668c57915 Mon Sep 17 00:00:00 2001
From: Christopher Tauchen
Date: Wed, 13 May 2026 17:25:03 +0100
Subject: [PATCH 2/2] Address threat-bucket comments and mirror to versioned trees 5 review comments addressed: - tor-vpn-feed-and-dashboard.mdx (CC): replaced "managed Tor bulk exit and X4B VPN feeds" with the actual install path the page documents ("Tor bulk exit and X4B VPN feeds, ... in the Tor-VPN dashboard in the web console"). - suspicious-ips.mdx and suspicious-domains.mdx (CC): removed the "managed threat-intelligence feeds" framing since the pages describe adding feeds via kubectl apply, not managed feeds. - threat/index.mdx (CE and CC): spelled out "threat-intel" as "threat intelligence" for consistency with sibling pages. Then mirrored the full next-tree threat descriptions to the four versioned snapshots: - calico-enterprise_versioned_docs/version-3.23-1/threat/ (9) - calico-enterprise_versioned_docs/version-3.22-2/threat/ (9) - calico-cloud_versioned_docs/version-22-2/threat/ (10) 28 mirror writes plus 5 next-tree fixes = 33 file changes. No drift. Vale clean on description lines across all 5 dirs.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 calico-cloud/threat/index.mdx | 2 +-
 calico-cloud/threat/suspicious-domains.mdx | 2 +-
 calico-cloud/threat/suspicious-ips.mdx | 2 +-
 calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx | 2 +-
 .../version-22-2/threat/configuring-webhooks.mdx | 2 +-
 .../version-22-2/threat/container-threat-detection.mdx | 2 +-
 .../version-22-2/threat/deeppacketinspection.mdx | 2 +-
 .../version-22-2/threat/deploying-waf-ingress-gateway.mdx | 2 +-
 calico-cloud_versioned_docs/version-22-2/threat/index.mdx | 2 +-
 .../version-22-2/threat/security-event-management.mdx | 2 +-
 .../version-22-2/threat/suspicious-domains.mdx | 2 +-
 .../version-22-2/threat/suspicious-ips.mdx | 2 +-
 .../version-22-2/threat/tor-vpn-feed-and-dashboard.mdx | 2 +-
 .../version-22-2/threat/web-application-firewall.mdx | 2 +-
 calico-enterprise/threat/index.mdx | 2 +-
 .../version-3.22-2/threat/configuring-webhooks.mdx | 2 +-
 .../version-3.22-2/threat/deeppacketinspection.mdx | 2 +-
 .../version-3.22-2/threat/deploying-waf-ingress-gateway.mdx | 2 +-
 .../version-3.22-2/threat/index.mdx | 2 +-
 .../version-3.22-2/threat/security-event-management.mdx | 2 +-
 .../version-3.22-2/threat/suspicious-domains.mdx | 2 +-
 .../version-3.22-2/threat/suspicious-ips.mdx | 2 +-
 .../version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx | 2 +-
 .../version-3.22-2/threat/web-application-firewall.mdx | 2 +-
 .../version-3.23-1/threat/configuring-webhooks.mdx | 2 +-
 .../version-3.23-1/threat/deeppacketinspection.mdx | 2 +-
 .../version-3.23-1/threat/deploying-waf-ingress-gateway.mdx | 2 +-
 .../version-3.23-1/threat/index.mdx | 2 +-
 .../version-3.23-1/threat/security-event-management.mdx | 2 +-
 .../version-3.23-1/threat/suspicious-domains.mdx | 2 +-
 .../version-3.23-1/threat/suspicious-ips.mdx | 2 +-
 .../version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx | 2 +-
 .../version-3.23-1/threat/web-application-firewall.mdx | 2 +-
 33 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/calico-cloud/threat/index.mdx b/calico-cloud/threat/index.mdx
index 8253e5bbfa..9796e9f566 100644
--- a/calico-cloud/threat/index.mdx
+++ b/calico-cloud/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, managed threat-intel feed updates, deep packet inspection, and WAF.
+description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, threat intelligence feeds, deep packet inspection, and WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-cloud/threat/suspicious-domains.mdx b/calico-cloud/threat/suspicious-domains.mdx
index c10c0f4429..983821f340 100644
--- a/calico-cloud/threat/suspicious-domains.mdx
+++ b/calico-cloud/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use managed threat-intelligence feeds in Calico Cloud to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
+description: Add threat intelligence feeds to Calico Cloud to detect DNS queries to suspicious domains from connected clusters and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-cloud/threat/suspicious-ips.mdx b/calico-cloud/threat/suspicious-ips.mdx
index 675da0c5e4..0314267b42 100644
--- a/calico-cloud/threat/suspicious-ips.mdx
+++ b/calico-cloud/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use managed threat-intelligence feeds in Calico Cloud to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
+description: Add threat intelligence feeds to Calico Cloud to alert on flows to suspicious IPs in connected clusters and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx b/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
index 2a706a3626..b95692af09 100644
--- a/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-cloud/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect anonymization activity in Calico Cloud connected clusters with managed Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard.
+description: Detect anonymization activity in Calico Cloud connected clusters with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard in the web console.
 ---
 # Anonymization attacks
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx b/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx
index 0754a384c1..3f0cf16d61 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Cloud webhooks from the web console to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints.
 title: Webhooks for security events
 ---
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx b/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx
index 7ce76cd0fb..ce1a17eba0 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/container-threat-detection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Threat detection for containerized workloads.
+description: Detect malware hashes and suspicious container activity such as privilege escalation and command-and-control in Calico Cloud connected clusters with the managed eBPF threat detection engine.
 redirect_from:
 - /threat/malware-detection
 ---
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx b/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx
index 35afa3f8f2..7a84feb420 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in Calico Cloud connected clusters with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx b/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..bf057309cc 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Cloud web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/index.mdx b/calico-cloud_versioned_docs/version-22-2/threat/index.mdx
index e5596789bf..9796e9f566 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/index.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect and respond to threats in Calico Cloud connected clusters with container threat detection, threat intelligence feeds, deep packet inspection, and WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx b/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx
index 6099fd7db5..340c96b74a 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from Calico Cloud connected clusters in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx
index b51a93e6d1..983821f340 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Cloud to detect DNS queries to suspicious domains from connected clusters and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx
index 496577d2b7..0314267b42 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Cloud to alert on flows to suspicious IPs in connected clusters and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx b/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx
index 4d7ae9d16c..b95692af09 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in Calico Cloud connected clusters with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard in the web console.
 ---
 # Anonymization attacks
diff --git a/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx b/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx
index 27565cab50..b92f5e6b5a 100644
--- a/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Cloud workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
diff --git a/calico-enterprise/threat/index.mdx b/calico-enterprise/threat/index.mdx
index f80d2359f8..d8c5d3e3d5 100644
--- a/calico-enterprise/threat/index.mdx
+++ b/calico-enterprise/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat-intel feeds, deep packet inspection, and a workload-based WAF.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx
index 0754a384c1..01b05b33ca 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx
index 6208720013..3e3cdbe5ab 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..03aaf89acd 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx
index 4663f4c54f..d8c5d3e3d5 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx
index 698974e734..6bb87f5fab 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx
index dae98728e4..d470b5fd02 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx
index 222a9cfa15..baa2071247 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx
index cd68bff338..125aabf925 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 # Anonymization attacks
diff --git a/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx b/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx
index 84d41756b8..3baa40020b 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx
index 0754a384c1..01b05b33ca 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/configuring-webhooks.mdx
@@ -1,5 +1,5 @@
 ---
-description: Use webhooks to send security event alerts to third-party systems.
+description: Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.
 title: Webhooks for security events
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx
index d5cd3cbadf..80cdadb7ab 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx
@@ -1,5 +1,5 @@
 ---
-description: Monitor live traffic for malicious activities.
+description: Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.
 ---
 # Deep packet inspection
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx
index 64f01d08d8..03aaf89acd 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/deploying-waf-ingress-gateway.mdx
@@ -1,5 +1,5 @@
 ---
-description: Deploy WAF with ingress gateways
+description: Step-by-step tutorial for deploying a Calico Enterprise web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.
 ---
 # Deploy a web application firewall with Calico Ingress Gateway
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx
index 4663f4c54f..d8c5d3e3d5 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/index.mdx
@@ -1,5 +1,5 @@
 ---
-description: Trace, analyze, and block malicious threats using intelligent feeds and alerts.
+description: Detect, analyze, and block threats in your Calico Enterprise cluster with intrusion detection, threat intelligence feeds, deep packet inspection, and a workload-based WAF.
 hide_table_of_contents: true
 ---
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx
index 698974e734..6bb87f5fab 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/security-event-management.mdx
@@ -1,5 +1,5 @@
 ---
-description: Manage security events from your cluster in a single place.
+description: Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.
 ---
 # Security event management
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx
index dae98728e4..d470b5fd02 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-domains.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
+description: Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.
 ---
 # Trace and alert on suspicious domains
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx
index 222a9cfa15..baa2071247 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/suspicious-ips.mdx
@@ -1,5 +1,5 @@
 ---
-description: Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
+description: Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.
 ---
 # Trace and block suspicious IPs
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx
index cd68bff338..125aabf925 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/tor-vpn-feed-and-dashboard.mdx
@@ -1,5 +1,5 @@
 ---
-description: Detect and analyze malicious anonymization activity using Tor-VPN feeds.
+description: Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.
 ---
 # Anonymization attacks
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx b/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx
index 84d41756b8..3baa40020b 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/threat/web-application-firewall.mdx
@@ -1,5 +1,5 @@
 ---
-description: Configure Calico to use with Layer 7 Web Application Firewall.
+description: Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.
 ---
 # Workload-based Web Application Firewall (WAF)