Merge branch 'main' into apache_bouncer

Author: buixor

crowdsec-docs/docs/data_sources/http.md

@@ -0,0 +1,192 @@
+---
+id: http
+title: HTTP
+---
+
+This module allows the `Security Engine` to acquire logs from an HTTP endpoint.
+
+## Configuration examples
+
+To receive logs from an HTTP endpoint with basic auth:
+```yaml
+source: http
+listen_addr: 127.0.0.1:8081
+path: /test
+auth_type: basic_auth
+basic_auth:
+  username: test
+  password: test
+labels:
+  type: mytype
+```
+
+To receive logs from an HTTP endpoint with headers:
+```yaml
+source: http
+listen_addr: 127.0.0.1:8081
+path: /test
+auth_type: headers
+headers:
+    MyHeader: MyValue
+labels:
+  type: mytype
+```
+
+To receive logs from an HTTP endpoint with TLS and headers:
+
+```yaml
+source: http
+listen_addr: 127.0.0.1:8081
+path: /test
+auth_type: headers
+headers:
+  MyHeader: MyValue
+tls:
+  server_cert: server.crt
+  server_key: server.key
+labels:
+  type: mytype
+```
+
+To receive logs from an HTTP endpoint with mTLS:
+
+```yaml
+source: http
+listen_addr: 127.0.0.1:8081
+path: /test
+auth_type: mtls
+tls:
+  server_cert: server.crt
+  server_key: server.key
+  ca_cert: ca.crt
+labels:
+  type: mytype
+```
+
+:::info
+If most of cases when the logs are sent in JSON format, you can use the [`transform`](https://docs.crowdsec.net/docs/next/data_sources/intro/#transform) expression to parse the logs.
+:::
+
+For example, if the logs are sent in the following format:
+```json
+{
+  "Records": [
+    {
+      "message": "test",
+      "timestamp": "2021-01-01T00:00:00Z"
+    }
+  ]
+}
+```
+
+the `transform` expression can be:
+```yaml
+transform: map(JsonExtractSlice(evt.Line.Raw, "Records"), ToJsonString(#))
+```
+
+
+Look at the `configuration parameters` to view all supported options.
+
+## Parameters
+
+
+### `listen_addr`
+
+The address to listen on (e.g., `127.0.0.1:8088`).
+
+Required.
+
+### `path`
+
+The endpoint path to listen on.
+
+:::info
+The request method is always `POST`.
+:::
+
+Optional, default is `/`.
+
+### `auth_type`
+
+The authentication type to use.
+
+Can be `basic_auth`, `headers`, or `mtls`.
+
+Required.
+
+### `basic_auth`
+
+The basic auth credentials.
+
+### `basic_auth.username`
+
+The basic auth username.
+
+Optional, to use when `auth_type` is `basic_auth`.
+
+### `basic_auth.password`
+
+The basic auth password.
+
+Optional, to use when `auth_type` is `basic_auth`.
+
+### `headers`
+
+The headers to send.
+
+Optional, to use when `auth_type` is `headers`.
+
+### `tls`
+
+TLS configuration.
+
+### `tls.server_cert`
+
+The server certificate path.
+
+Optional, to use when `auth_type` is `mtls`.
+
+### `tls.server_key`
+
+The server key path.
+
+Optional, to use when `auth_type` is `mtls`.
+
+### `tls.ca_cert`
+
+The CA certificate path.
+
+Optional, to use when `auth_type` is `mtls`.
+
+### `custom_status_code`
+
+The custom status code to return.
+
+Optional.
+
+### `custom_headers`
+
+The custom headers to return.
+
+Optional.
+
+### `max_body_size`
+
+The maximum body size to accept.
+
+Optional.
+
+### `timeout`
+
+The timeout to read the body.
+
+:::info
+The timeout is in duration format, e.g., `5s`.
+:::
+
+Optional.
+
+## DSN and command-line
+
+This datasource does not support acquisition from the command line.
+

crowdsec-docs/docs/data_sources/introduction.md

@@ -18,6 +18,7 @@ Name | Type | Stream | One-shot
 [AWS S3](/data_sources/s3.md)| read logs from a S3 bucket | yes | yes
 [docker](/data_sources/docker.md) | read logs from docker containers | yes | yes
 [file](/data_sources/file.md) | single files, glob expressions and .gz files | yes | yes
+[HTTP](/data_sources/http.md) | read logs from an HTTP endpoint | yes | no
 [journald](/data_sources/journald.md) | journald via filter | yes | yes
 [Kafka](/data_sources/kafka.md)| read logs from kafka topic | yes | no
 [Kubernetes Audit](/data_sources/kubernetes_audit.md) | expose a webhook to receive audit logs from a Kubernetes cluster  | yes | no

crowdsec-docs/docs/getting_started/install.mdx

@@ -35,7 +35,7 @@ Before installing the package, you might want to check [the ports that will be u
     {label: 'Debian/Ubuntu', value: 'debian'},
     {label: 'EL/Centos7/Amzn Linux 2', value: 'centos7'},
     {label: 'EL/Centos Stream 8', value: 'centos8'},
-    {label: 'OpenSUSE', value: 'opensuse'},
+    {label: 'SUSE Linux', value: 'suselinux'},
     {label: 'OpenWRT', value: 'openwrt'},
     {label: 'CloudLinux', value: 'cloudlinux'},
   ]}>
@@ -51,7 +51,7 @@ Before installing the package, you might want to check [the ports that will be u
     <CodeBlock className="language-bash">dnf install crowdsec</CodeBlock>
   </TabItem>
 
-  <TabItem value="opensuse">
+  <TabItem value="suselinux">
     <CodeBlock className="language-bash">zypper install crowdsec</CodeBlock>
   </TabItem>
 

crowdsec-docs/sidebars.js

@@ -131,6 +131,7 @@
                 "data_sources/s3",
                 "data_sources/docker",
                 "data_sources/file",
+                "data_sources/http",
                 "data_sources/journald",
                 "data_sources/kafka",
                 "data_sources/kubernetes_audit",

crowdsec-docs/sidebarsUnversioned.js

@@ -132,7 +132,7 @@ module.exports = {
         {
             label: "Blocklists",
             type: "doc",
-            id: "blocklists/intro"
+            id: "blocklists/intro",
         },
         {
             type: "category",
@@ -174,6 +174,32 @@ module.exports = {
                 },
             ],
         },
+        {
+            type: "category",
+            label: "CTI",
+            items: [
+                {
+                    type: "doc",
+                    label: "Getting started",
+                    id: "console/cti/getting_started",
+                },
+                {
+                    type: "doc",
+                    label: "IP report",
+                    id: "console/cti/ip_report",
+                },
+                {
+                    type: "doc",
+                    label: "Advanced search",
+                    id: "console/cti/advanced_search",
+                },
+                {
+                    type: "doc",
+                    label: "FAQ",
+                    id: "console/cti/faq",
+                },
+            ],
+        },
         {
             type: "category",
             label: "Decision",
@@ -186,11 +212,11 @@ module.exports = {
         {
             type: "category",
             label: "Enterprise support",
-            link:{
+            link: {
                 type: "doc",
                 id: "console/enterprise_support",
             },
-            items: []
+            items: [],
         },
         {
             type: "link",
@@ -351,8 +377,8 @@ module.exports = {
                 "integrations/sophos",
                 "integrations/genericfirewall",
                 "integrations/remediationcomponent",
-            ]
-        }
+            ],
+        },
     ],
     troubleshootingSideBar: [
         {
@@ -380,7 +406,7 @@ module.exports = {
         {
             type: "doc",
             id: "service_api/getting_started",
-            label: "Getting Started"
+            label: "Getting Started",
         },
         {
             type: "category",
@@ -389,8 +415,7 @@ module.exports = {
                 "service_api/quickstart/authentication",
                 "service_api/quickstart/blocklists",
                 "service_api/quickstart/integrations",
-            ]
-
+            ],
         },
         {
             type: "category",
@@ -399,24 +424,24 @@ module.exports = {
                 {
                     type: "doc",
                     label: "Python",
-                    id: "service_api/sdks/python"
-                }
-            ]
+                    id: "service_api/sdks/python",
+                },
+            ],
         },
         {
             type: "link",
             label: "Swagger",
-            href: "https://admin.api.crowdsec.net/v1/docs#/"
+            href: "https://admin.api.crowdsec.net/v1/docs#/",
         },
         {
             type: "link",
             label: "Redoc",
-            href: "https://admin.api.crowdsec.net/v1/redoc"
+            href: "https://admin.api.crowdsec.net/v1/redoc",
         },
         {
             type: "doc",
             id: "service_api/faq",
-            label: "FAQ"
+            label: "FAQ",
         },
     ],
     guidesSideBar: [