Update beta_program.mdx #644

Merged
merged 2 commits into from
Oct 25, 2024
33 changes: 26 additions & 7 deletions crowdsec-docs/unversioned/beta_program.mdx
Expand Up @@ -22,18 +22,37 @@ To join the CrowdSec Beta program, click the [Beta opt-in option directly in the

### CrowdSec Threat Forecast Blocklist - Beta starts 2024-10-25

#### What is it ?
#### What is it and what to expect?

The Threat Forecast Blocklist is a dynamic, adaptive blocklist customized to your organization's signals. By identifying attacks on similar profiles, it predicts threats that will likely target your organization in the coming days.
The **Threat Forecast Blocklist** is a dynamic, adaptive blocklist customized to your organization's signals.
By identifying attacks on similar profiles, it predicts threats that will likely target your organization in the coming days.
It will update every 24 hours, and the signals of all your Security Engines will be considered to build the prediction.

The Threat Forecast Blocklist will update every 24 hours, and the signals of all your Security Engines will be considered to build the prediction.
It's tailored to your organization; hence, we expect that it should allow preemptive remediation, resulting in a **drop in the number of alerts**.
Optionally, if you have an iptables of nftables remediation component, you'll be able to see some [metrics about this blocklist's efficiency](https://docs.crowdsec.net/docs/next/observability/usage_metrics)

#### Who will have access to it ?
#### Who will have access to it?

If you have at least one enrolled security engine with an average of more than 100 alerts a week (total on your organization) you have a chance to be invited.
You'll receive an email on Friday October the 25th 2024.
If you have at least one enrolled security engine with an average of more than 100 alerts a week (total for your organization) you have a chance to be invited.
You'll receive an email on Friday, October the 25th, 2024.

**Important note**: You will have 15 days to start using the Threat Forecast Blocklist and 30 days total starting today to test it out. If you do not use it within 15 days, your access will be reallocated to someone else.
**Important note**: You will have 15 days to start using the Threat Forecast Blocklist and 30 days in total starting today to test it out. If you do not use it within 15 days, your access will be reallocated to someone else.

#### How to subscribe to this blocklist

- Log into your console account
- Go to the blocklist catalog and search "forecast": https://app.crowdsec.net/blocklists?page=1&q=forecast
- If you're part of the this beta, you should see the **Threat Forecast Blocklist**
- Click on it
- You should have landed in the details page for this blocklist
- Click on subscribe
- In the subscription popup
- Select the tab "Security Engines"
- Chose one or more engines to subscribe to this blocklist
- Select the desired remediation (we recommend **Ban**)
- Click confirm subscription
Member

I would remove the detail about the subscription popup. I would just do
"Click on subscribe to open the subscription popup and follow its instructions to subscribe to the blocklist. We recommend subscribing your organization to the list as this will make sure that newly added security engines automatically benefit from the blocklist as well. If you want to have more fine-grained control, you can also select only specific engines to subscribe to the list."


Note that you must have a [remediation component](https://doc.crowdsec.net/u/bouncers/intro) on those engines to effectively block the IPs.

## Your feedback is key
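
Review bot: In the "Important note" line, "30 days in total starting today" is relative to whenever the page is read; the section heading already gives the beta start as 2024-10-25, so state the deadline relative to that date or as an absolute date. In the added efficiency sentence, "iptables of nftables" should read "iptables or nftables", and the sentence is missing its closing period. In the subscription steps, "part of the this beta" has a doubled article and "Chose one or more engines" should be "Choose"; the four items under "In the subscription popup" read as sub-steps and would be clearer nested under it. The remediation component requirement comes after the steps, so a reader who subscribes with "Ban" on an engine that has no remediation component gets no blocking; consider moving that note above the list as a prerequisite. The two links use different hosts (docs.crowdsec.net and doc.crowdsec.net); confirm both resolve and use one consistently.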
