Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve CTI Taxonomy documentation #685

Merged
merged 3 commits into from
Nov 29, 2024
Merged

Improve CTI Taxonomy documentation #685

merged 3 commits into from
Nov 29, 2024

Conversation

AlteredCoder
Copy link
Contributor

No description provided.

@aws-amplify-eu-west-1 AWS Amplify (eu-west-1)
Copy link

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-685.d1to60jd2gb6y6.amplifyapp.com

@AlteredCoder AlteredCoder changed the title WIP: Improve CTI Taxonomy documentation Improve CTI Taxonomy documentation Nov 28, 2024
rr404
rr404 reviewed Nov 28, 2024
View reviewed changes
crowdsec-docs/unversioned/cti_api/taxonomy/false_positives.mdx
@@ -22,11 +22,21 @@ export const columns = [

<GithubIconRender url={fpURL}></GithubIconRender>

IPs in this category are considered completely safe and trusted. Alerts triggered by these IPs are likely due to misconfiguration or overly sensitive alerting rules.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we tell a bit more about our process of qualifying an IP as SAFE ?
Say that we have a list of genuine know crawlers exposing their IPs and ranges and that we take those in account to qualify an IP as SAFE.

Safe also means that it has no malicious intent, not that it isn't triggering certain scenarios, mainly crawling scenarios

rr404
rr404 reviewed Nov 28, 2024
View reviewed changes
crowdsec-docs/unversioned/cti_api/taxonomy/false_positives.mdx Outdated

:::warning

You might want to investigate any alerts associated with these IPs to ensure your configuration is correct.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have doubts about FP ?
Ideally we should NOt have doubt if we qualify them as FP with a strict list of genuine crawlers and safe bots

rr404
rr404 approved these changes Nov 28, 2024
View reviewed changes
Copy link
Contributor

@rr404 rr404 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, But I made 2 comments on things we could precise for the user understanding

@AlteredCoder AlteredCoder merged commit 18bd9fe into main Nov 29, 2024
2 checks passed
@AlteredCoder AlteredCoder deleted the improve_cti_taxonomy_doc branch November 29, 2024 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@buixor buixor buixor approved these changes

@rr404 rr404 rr404 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AlteredCoder @buixor @rr404