Updating firewall integrations doc

crowdsec-docs/plugins/extract-preprocessor.js

@@ -44,9 +44,9 @@ const buildIndex = () => {
 
   let count = 0;
 
-  // Regex to find: <div data-extract="ID"> CONTENT </div>
+  // Regex to find: <snippet-extract data-extract="ID"> CONTENT </snippet-extract>
   // We use [\s\S]*? to match content across multiple lines (lazy match)
-  const extractRegex = /<div\s+data-extract=["']([^"']+)["'][^>]*>([\s\S]*?)<\/div>/g;
+  const extractRegex = /<snippet-extract\s+data-extract=["']([^"']+)["'][^>]*>([\s\S]*?)<\/snippet-extract>/g;
 
   allFiles.forEach(filePath => {
     try {
@@ -84,9 +84,9 @@ const preprocessor = ({ filePath, fileContent }) => {
   // 1. Ensure Index exists (runs once)
   buildIndex();
 
-  // 2. Regex to find: <div data-extract-copy="ID" />
-  // Matches <div data-extract-copy="xyz"></div> OR <div data-extract-copy="xyz" />
-  const copyRegex = /<div\s+data-extract-copy=["']([^"']+)["']\s*\/?>\s*(?:<\/div>)?/g;
+  // 2. Regex to find: <snippet-extract data-extract-copy="ID" />
+  // Matches <snippet-extract data-extract-copy="xyz"></snippet-extract> OR <snippet-extract data-extract-copy="xyz" />
+  const copyRegex = /<snippet-extract\s+data-extract-copy=["']([^"']+)["']\s*\/?>\s*(?:<\/snippet-extract>)?/g;
 
   // 3. Replace with content
   return fileContent.replace(copyRegex, (match, requestedId) => {

crowdsec-docs/sidebarsUnversioned.ts

@@ -642,6 +642,12 @@ const sidebarsUnversionedConfig: SidebarConfig = {
 			label: "Integrations",
 			items: [
 				"integrations/rawiplist",
+				"integrations/remediationcomponent",
+				{
+					type: "html",
+					value: "<hr style='margin: 0.75rem 0; opacity: 0.35;' />",
+					defaultStyle: false,
+				},
 				"integrations/checkpoint",
 				"integrations/cisco",
 				"integrations/f5",
@@ -651,7 +657,6 @@ const sidebarsUnversionedConfig: SidebarConfig = {
 				"integrations/opnsense",
 				"integrations/paloalto",
 				"integrations/pfsense",
-				"integrations/remediationcomponent",
 				"integrations/sophos",
 			],
 		},

crowdsec-docs/unversioned/integrations/checkpoint.mdx

@@ -5,114 +5,88 @@ title: Checkpoint
 
 import ThemedImage from "@theme/ThemedImage";
 import useBaseUrl from "@docusaurus/useBaseUrl";
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import CodeBlock from '@theme/CodeBlock';
+import UnderlineTooltip from '@site/src/components/underline-tooltip';
 
-The CrowdSec Checkpoint integration allows you to block malicious IPs in your Checkpoint firewall. This guide will walk you through the steps to integrate CrowdSec blocklists with your Checkpoint firewall.
-
-Check Point refers to this feature as [**Custom Intelligence (IoC) Feeds**](https://support.checkpoint.com/results/sk/sk132193), which provide the ability to add custom cyber intelligence feeds into the Threat Prevention engine.
-
-### Prerequisites
-
-Before you begin, please ensure your Checkpoint device supports ingesting blocklists. If you are unsure, please refer to the Checkpoint documentation or contact Checkpoint support.
-
-:::warning
-Integrations for commnunity plan users are limited to pull once every 24 hours. Pulling more often will result in HTTP 429.
-:::
-
-### Steps
-
-We will presume you followed the [Getting Started](integrations/intro.mdx) guide and have created an account on the CrowdSec Console.
-
-Once you are authenticated, you can proceed to the Blocklist tab located on the top menu bar, from there you can select the Integrations sub menu.
-
-Once the page has loaded, you can click the "Connect" button under the Checkpoint logo.
-
+<div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
+<div style={{flex: '0 0 20%'}}>
 <ThemedImage
     alt="Checkpoint Integration Card"
     sources={{
         light: useBaseUrl("/img/console_integrations_checkpoint_card_light.png"),
         dark: useBaseUrl("/img/console_integrations_checkpoint_card_dark.png"),
     }}
 />
+</div>
+<div style={{flex: '1'}}>
+The CrowdSec Checkpoint integration connects CrowdSec's hosted blocklist endpoint to your Checkpoint firewall.   
+Check Point calls this feature **Custom Intelligence (IoC) Feeds**, which provide the ability to add custom cyber intelligence feeds into the Threat Prevention engine.   
 
-Doing so will prompt you to name this integration, you can name it anything you like, for example "My Integration ". Note the name should be unique per integration that is tied to your account.
-
-<ThemedImage
-    alt="Checkpoint Integration Creation Screen"
-    sources={{
-        light: useBaseUrl("/img/console_integrations_creation_light.png"),
-        dark: useBaseUrl("/img/console_integrations_creation_dark.png"),
-    }}
-/>
-
-Once the integration is generated you will be presented with a credentials screen that will provide you with the necessary information to configure your Checkpoint Firewall. This information will **ONLY** be displayed once, so please ensure you copy it down.
-
-<ThemedImage
-    alt="Checkpoint Integration Credentials Screen"
-    sources={{
-        light: useBaseUrl("/img/console_integrations_checkpoint_credentials_light.png"),
-        dark: useBaseUrl("/img/console_integrations_checkpoint_credentials_dark.png"),
-    }}
-/>
-
-## Checkpoint Configuration
+:::info
+Ensure your Checkpoint device supports Custom Intelligence (IoC) Feeds.  
+The vendor documentation is available in the [References](#references) section below.
+:::
+</div>
+</div>
+## Setup a Checkpoint Integration Endpoint
+<snippet-extract data-extract-copy="rawiplist:bl_integ_setup"></snippet-extract>
+<hr />
 
+## Configure Checkpoint
 
-In the gateways and servers tab, double-click on the specific gateway you want to configure
+In the **Gateways and Servers** tab, double-click the gateway you want to configure.
 
 ![](/img/checkpoint_step1.png)
 
-You will have this properties menu, select "Threat Prevention (Custom)", then activate at least Anti-Bot or Anti-Virus.
+In the properties menu, select **Threat Prevention (Custom)**, then activate at least Anti-Bot or Anti-Virus.
 
 ![](/img/checkpoint_step2.png)
 
-Now go to the "Security policies" tab, and click on "New IOC Feed"
+Go to the **Security policies** tab and click **New IOC Feed**.
 
 ![](/img/checkpoint_step3.png)
 
-Click on "Custom Policy", then below on "Indicators". Add your feed information and click "Test Feed".
-
-You need to put the username and password provided by the console in the "Feed URL" so it can use basic authentication:
+Click **Custom Policy**, then **Indicators**. Add your feed information using the endpoint URL with Basic Auth credentials embedded:
 
 ```
 https://<username>:<password>@admin.api.crowdsec.net/v1/integrations/<integration_id>/content
 ```
 
-In this example, we used "Raw IP List Format", but you can use checkpoint format and select the data column "1".
+You can use the Raw IP List format and set the data column to `1`. Click **Test Feed**.
 
 ![](/img/checkpoint_step4.png)
 
-Select the Gateway and click "Test Feed"
+Select the gateway and click **Test Feed**.
 
 ![](/img/checkpoint_step5.png)
 
-Check That the feed is working and save the configuration.
+Verify the feed is working, then save the configuration.
 
 ![](/img/checkpoint_step6.png)
 
-You can also take a look at the [Checkpoint Documentation](https://support.checkpoint.com/results/sk/sk132193) for more information (if you want to do it using CLI).
-
 ## Format example
 
-The CrowdSec blocklist will be in checkpoint format, with formatted data per line. Here is an example of how the blocklist will look:
+The CrowdSec blocklist is served in Checkpoint format, with one entry per line:
 
 ```
 Accessobserv2,192.168.38.187,IP,high,high,AB,C&C server IP
 Accessobserv2,192.168.38.188,IP,high,high,AB,C&C server IP
 ```
 
 :::info
-The format is as follows: UNIQ-NAME , VALUE , TYPE , CONFIDENCE , SEVERITY , PRODUCT , COMMENT
+Format: `UNIQ-NAME, VALUE, TYPE, CONFIDENCE, SEVERITY, PRODUCT, COMMENT`
 :::
 
 ## Manage integration size limits with pagination
 
 If you want to learn how to manage integration size limits with pagination, please refer to the [Managing integrations size limits with pagination](console/service_api/integrations.md#managing-integrations-size-limits-with-pagination) section.
 
-## Contribute to this documentation
+## References
 
-Since CrowdSec is a community-driven project, we welcome contributions to this documentation. If you have any instructions or tips that you would like to share with the community, please feel free to open a pull request on our [GitHub repository](https://github.com/crowdsecurity/crowdsec-docs)
+- [Check Point — Custom Intelligence (IoC) Feeds documentation](https://support.checkpoint.com/results/sk/sk132193)
 
 ## Next Steps
 
-Now that you have integrated CrowdSec integration with your Checkpoint Firewall, you can proceed to the [Blocklist Catalog](console/blocklists/catalog.md) to find what blocklists you can subscribe too. 
-
+Subscribe to blocklists in the [Blocklist Catalog](console/blocklists/catalog.md) to populate your integration.

crowdsec-docs/unversioned/integrations/cisco.mdx

@@ -5,77 +5,44 @@ title: Cisco
 
 import ThemedImage from "@theme/ThemedImage";
 import useBaseUrl from "@docusaurus/useBaseUrl";
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import CodeBlock from '@theme/CodeBlock';
+import UnderlineTooltip from '@site/src/components/underline-tooltip';
 
-The CrowdSec Cisco integration allows you to block malicious IPs in your Cisco firewall. This guide will walk you through the steps to integrate CrowdSec blocklists with your Cisco firewall.
-
-Cisco refers to this feature as [**Security Intelligence feeds**](https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/objects-object-mgmt.html#ID-2243-00000291), which provide dynamic threat intelligence that can be used in your firewall policies.
-
-### Prerequisites
-
-Before you begin, please ensure your Cisco device supports ingesting blocklists. If you are unsure, please refer to the Cisco documentation or contact Cisco support.
-
-:::warning
-Integrations for commnunity plan users are limited to pull once every 24 hours. Pulling more often will result in HTTP 429.
-:::
-
-### Steps
-
-We will presume you followed the [Getting Started](integrations/intro.mdx) guide and have created an account on the CrowdSec Console.
-
-Once you are authenticated, you can proceed to the Blocklist tab located on the top menu bar, from there you can select the Integrations sub menu.
-
-Once the page has loaded, you can click the "Connect" button under the Cisco logo.
-
+<div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
+<div style={{flex: '0 0 20%'}}>
 <ThemedImage
     alt="Cisco Integration Card"
     sources={{
         light: useBaseUrl("/img/console_integrations_cisco_card_light.png"),
         dark: useBaseUrl("/img/console_integrations_cisco_card_dark.png"),
     }}
 />
-
-Doing so will prompt you to name this integration, you can name it anything you like, for example "My Integration". Note the name should be unique per integration that is tied to your account.
-
-<ThemedImage
-    alt="Cisco Integration Creation Screen"
-    sources={{
-        light: useBaseUrl("/img/console_integrations_creation_light.png"),
-        dark: useBaseUrl("/img/console_integrations_creation_dark.png"),
-    }}
-/>
-Once the integration is generated you will be presented with a credentials screen that will provide you with the necessary information to configure your Cisco firewall. This information will **ONLY** be displayed once, so please ensure you copy it down.
-
-<ThemedImage
-    alt="Cisco Integration Credentials Screen"
-    sources={{
-        light: useBaseUrl("/img/console_integrations_cisco_credentials_light.png"),
-        dark: useBaseUrl("/img/console_integrations_cisco_credentials_dark.png"),
-    }}
-/>
-
-Depending on the make and model of your Cisco firewall, you will need to follow the appropriate steps to ingest the blocklist. We provide public documentation that we found on Cisco devices, however, we recommend you refer to the official Cisco documentation for your device.
-
-[Cisco Documentation](https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/objects-object-mgmt.html#ID-2243-00000291)
-[Youtube tutorial](https://www.youtube.com/watch?v=OdD9GOjfB3U)
-
-## Format example
-
-The CrowdSec blocklist will be in plain text format, with one IP address per line. Here is an example of how the blocklist will look:
-
-```
-192.168.38.187
-192.168.38.186
-```
+</div>
+<div style={{flex: '1'}}>
+The CrowdSec Cisco integration connects CrowdSec's hosted blocklist endpoint to your Cisco firewall.   
+Cisco calls this feature **Security Intelligence feeds**, which provide dynamic threat intelligence that can be used in your firewall policies. 
+
+:::info
+Ensure your Cisco device supports Security Intelligence feeds. Depending on the make and model, the steps to ingest the blocklist may differ.   
+The vendor documentation is available in the [References](#references) section below.
+:::
+</div>
+</div>
+## Setup a Cisco Integration Endpoint
+<snippet-extract data-extract-copy="rawiplist:bl_integ_setup"></snippet-extract>
+<hr />
 
 ## Manage integration size limits with pagination
 
 If you want to learn how to manage integration size limits with pagination, please refer to the [Managing integrations size limits with pagination](console/service_api/integrations.md#managing-integrations-size-limits-with-pagination) section.
 
+## References
 
-## Contribute to this documentation
-
-Since CrowdSec is a community-driven project, we welcome contributions to this documentation. If you have any instructions or tips that you would like to share with the community, please feel free to open a pull request on our [GitHub repository](https://github.com/crowdsecurity/crowdsec-docs)
+- [Cisco — Security Intelligence feeds documentation](https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/objects-object-mgmt.html#ID-2243-00000291)
+- [Video tutorial](https://www.youtube.com/watch?v=OdD9GOjfB3U)
 
 ## Next Steps
 
-Now that you have integrated CrowdSec integration with your Cisco firewall, you can proceed to the [Blocklist Catalog](console/blocklists/catalog.md) to find what blocklists you can subscribe too. 
+Subscribe to blocklists in the [Blocklist Catalog](console/blocklists/catalog.md) to populate your integration.

crowdsec-docs/unversioned/integrations/f5.mdx

@@ -5,79 +5,57 @@ title: F5
 
 import ThemedImage from "@theme/ThemedImage";
 import useBaseUrl from "@docusaurus/useBaseUrl";
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import CodeBlock from '@theme/CodeBlock';
+import UnderlineTooltip from '@site/src/components/underline-tooltip';
 
-The CrowdSec F5 integration allows you to block malicious IPs in your F5 firewall. This guide will walk you through the steps to integrate CrowdSec blocklists with your F5 firewall.
-
-F5 BIG-IP AFM refers to this feature as [**External IP blocklist**](https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-per-request-policies/using-http-connector/creating-http-connector-request-external-IP-blocklist.html) or [**Feed lists**](https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/big-ip-afm-getting-started-14-1-0/04.html), which allow you to import external threat intelligence to block or allow traffic based on IP reputation.
-
-### Prerequisites
-
-Before you begin, please ensure your F5 device supports ingesting blocklists. If you are unsure, please refer to the F5 documentation or contact F5 support.
-
-:::warning
-Integrations for commnunity plan users are limited to pull once every 24 hours. Pulling more often will result in HTTP 429.
-:::
-
-### Steps
-
-We will presume you followed the [Getting Started](integrations/intro.mdx) guide and have created an account on the CrowdSec Console.
-
-Once you are authenticated, you can proceed to the Blocklist tab located on the top menu bar, from there you can select the Integrations sub menu.
-
-Once the page has loaded, you can click the "Connect" button under the F5 logo.
-
+<div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
+<div style={{flex: '0 0 20%'}}>
 <ThemedImage
     alt="F5 Integration Card"
     sources={{
         light: useBaseUrl("/img/console_integrations_f5_card_light.png"),
         dark: useBaseUrl("/img/console_integrations_f5_card_dark.png"),
     }}
 />
+</div>
+<div style={{flex: '1'}}>
+The CrowdSec F5 integration connects CrowdSec's hosted blocklist endpoint to your F5 BIG-IP AFM.  
+F5 refers to this feature as **External IP blocklist** or **Feed lists**, which allow you to import external threat intelligence to block or allow traffic based on IP reputation.
 
-Doing so will prompt you to name this integration, you can name it anything you like, for example "My Integration ". Note the name should be unique per integration that is tied to your account.
-
-<ThemedImage
-    alt="F5 Integration Creation Screen"
-    sources={{
-        light: useBaseUrl("/img/console_integrations_creation_light.png"),
-        dark: useBaseUrl("/img/console_integrations_creation_dark.png"),
-    }}
-/>
-
-Once the integration is generated you will be presented with a credentials screen that will provide you with the necessary information to configure your F5 Firewall. This information will **ONLY** be displayed once, so please ensure you copy it down.
-
-<ThemedImage
-    alt="F5 Integration Credentials Screen"
-    sources={{
-        light: useBaseUrl("/img/console_integrations_f5_credentials_light.png"),
-        dark: useBaseUrl("/img/console_integrations_f5_credentials_dark.png"),
-    }}
-/>
-
-[F5 Documentation](https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-per-request-policies/using-http-connector.html)
+:::info
+Ensure your F5 BIG-IP AFM supports **External IP blocklists** or **Feed lists**.  
+The vendor documentation is available in the [References](#references) section below.
+:::
+</div>
+</div>
+## Setup a F5 Integration Endpoint
+<snippet-extract data-extract-copy="rawiplist:bl_integ_setup"></snippet-extract>
+<hr />
 
 ## Format example
 
-The CrowdSec blocklist will be in F5 format, with formatted data per line. Here is an example of how the blocklist will look:
+The CrowdSec blocklist is served in F5 format, with one entry per line:
 
 ```
 192.168.38.187,32,BL,crowdsec-myf5Integration
 192.168.38.188,32,BL,crowdsec-myf5Integration
 ```
 
 :::info
-The format is as follows: IP, Mask, WL/BL, Category
+Format: `IP, Mask, WL/BL, Category`
 :::
 
 ## Manage integration size limits with pagination
 
 If you want to learn how to manage integration size limits with pagination, please refer to the [Managing integrations size limits with pagination](console/service_api/integrations.md#managing-integrations-size-limits-with-pagination) section.
 
-## Contribute to this documentation
+## References
 
-Since CrowdSec is a community-driven project, we welcome contributions to this documentation. If you have any instructions or tips that you would like to share with the community, please feel free to open a pull request on our [GitHub repository](https://github.com/crowdsecurity/crowdsec-docs)
+- [F5 — External IP blocklist documentation](https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-per-request-policies/using-http-connector/creating-http-connector-request-external-IP-blocklist.html)
+- [F5 — Feed lists documentation](https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/big-ip-afm-getting-started-14-1-0/04.html)
 
 ## Next Steps
 
-Now that you have integrated CrowdSec integration with your F5 Firewall, you can proceed to the [Blocklist Catalog](console/blocklists/catalog.md) to find what blocklists you can subscribe too. 
-
+Subscribe to blocklists in the [Blocklist Catalog](console/blocklists/catalog.md) to populate your integration.