feat: Update Security Monitoring section, fix NAP link (#49)
This commit updates the Security Monitoring section to fit contemporary
style standards: sentence case for titles, no gerunds, horizontal line
breaks at the end of sections.

It also fixes the frontmatter for the section's pages to be uniform in
order and parameters with newer pages, and adds explicit weights for
page numbering.

The final change is to add a reference link to the right NAP V4 page:
prior to the release of NAP V5 the link was valid, but was not
automatically detected due to being a production URL.
ADubhlaoich authored Jan 10, 2025
1 parent 876f2b9 commit 779eb54
Showing 12 changed files with 105 additions and 108 deletions.
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
---
title: Configure
description:
weight: 100
url: /nginx-instance-manager/monitoring/security-monitoring/configure/
weight: 200
---
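
Review bot: Dropping the `url:` line from this section index means the old address `/nginx-instance-manager/monitoring/security-monitoring/configure/` is no longer pinned in front matter. If the path Hugo now derives for the page differs from it, existing links and bookmarks break, so add an `aliases:` entry with the old path or confirm a redirect exists. The Releases index at the end of this commit drops its `url:` the same way.
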
Original file line number Diff line number Diff line change
@@ -1,30 +1,29 @@
---
title: Add user access to Security Monitoring dashboards
description: Learn how to grant users access to the F5 NGINX Security Monitoring dashboards.
docs: DOCS-1026
doctypes:
- task
tags:
- docs
title: Give Users Access to Security Monitoring Dashboards
toc: true
weight: 200
---
doctype: how-to
product: NIM
docs: DOCS-1026

{{< shortversions "1.0.0" "latest" "secvers" >}}
---

## Overview

You can use F5 NGINX Security Monitoring to monitor NGINX App Protect WAF instances. The Security Monitoring analytics dashboards and security logs provide protection insights and help you analyze possible threats or identify opportunities to tune your security policies.

By completing the steps in this topic, you will create a role that gives users access to the Security Monitoring module and logs, and assign it to user accounts or groups.

{{<note>}}The recommendations in this guide follow the principle of least privilege and do not grant users access to NGINX Instance Manager. You can create additional roles with custom modules, features, and permissions to suit your use case.{{</note>}}
{{< note >}} The recommendations in this guide follow the principle of least privilege and do not grant users access to NGINX Instance Manager. You can create additional roles with custom modules, features, and permissions to suit your use case. {{</ note >}}

---

## Before You Begin
## Before you begin

Complete the following prerequisites before proceeding with this guide:

- NGINX Security Monitoring is [installed]({{< relref "/nim/monitoring/security-monitoring/deploy/install-security-monitoring.md" >}}) and running.
- NGINX Security Monitoring is [installed]({{< relref "/nim/monitoring/security-monitoring/install-security-monitoring.md" >}}) and running.
- Your user account needs to be able to access the User Management settings in NGINX Instance Manager.
The minimum required role permissions are:

Expand All @@ -44,19 +43,26 @@ Complete the following prerequisites before proceeding with this guide:

{{</bootstrap-table>}}

---

## Create a Role
## Create a role

{{< include "nim/rbac/create-roles.md" >}}

## Assign the Role
---

## Assign the role

After you've created a role for Security Monitoring, assign the role to one or more users or to a user group.

### Assign the Role to Users
---

### Assign the role to users

{{< include "nim/rbac/assign-roles-to-users.md" >}}

### Assign the Role to User Groups
---

### Assign the role to user groups

{{< include "nim/rbac/assign-roles-to-user-groups.md" >}}
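
Review bot: The `---` added directly above `### Assign the role to users` and `### Assign the role to user groups` cuts those subsections off from their parent `## Assign the role`, which does not match the commit message's rule of a horizontal line at the end of a section. Keep the rule above `## Assign the role` and drop the two in front of the `###` headings, so the intro sentence and both subsections read as one section.
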
Original file line number Diff line number Diff line change
@@ -1,14 +1,12 @@
---
title: Create App Protect WAF instances for Security Monitoring
description: Learn how to set up F5 NGINX App Protect data plane instances for use with
the NGINX Security Monitoring and NGINX Instance Manager.
docs: DOCS-1107
doctypes:
- task
tags:
- docs
title: Set Up App Protect Instances for Security Monitoring
toc: true
weight: 100
type: how-to
product: NIM
docs: DOCS-1107
---

## Overview
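
Review bot: `type: how-to` in this front matter is not the same key as the `doctype: how-to` added to the user-access and install pages in this commit, so the front matter is not yet uniform. `type` is also a key Hugo itself reads to decide the content type for template lookup, so setting it can change which layout renders the page. Use `doctype: how-to` here and on the geolocation and signature database pages, which add `type: how-to` as well, unless the theme really expects `type`.
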
Expand All @@ -18,7 +16,9 @@ F5 NGINX Security Monitoring supports the following use cases:
- **Security Monitoring only**: Use only the Security Monitoring module to monitor data from NGINX App Protect WAF instances. You will be able to review the security dashboards to assess potential threats and identify opportunities to fine-tune your policies. Your NGINX App Protect WAF configurations are managed outside of the NGINX Instance Manager context.
- **Security Monitoring and Instance Manager**: Use the Security Monitoring module with the NGINX Instance Manager. In addition to monitoring your application security, you will be able to manage your NGINX App Protect WAF configurations and security policies in a single location and push pre-compiled updates to an instance or instance group.

### Before You Begin
---

## Before you begin

Complete the following prerequisites before proceeding with the steps in this guide.

Expand All @@ -32,10 +32,11 @@ Complete the following prerequisites before proceeding with the steps in this gu
{{< include "nim/tech-specs/security-data-plane-dependencies.md" >}}

1. Determine your use case: **Security Monitoring only** or **Security Monitoring and Configuration Management**.
1. [Install the NGINX Security Monitoring module]({{< relref "/nim/monitoring/security-monitoring/deploy/install-security-monitoring.md" >}}) and [upload your license]({{< relref "/nim/admin-guide/license/add-license.md" >}}).
1. [Install the NGINX Security Monitoring module]({{< relref "/nim/monitoring/security-monitoring/install-security-monitoring.md" >}}) and [upload your license]({{< relref "/nim/admin-guide/license/add-license.md" >}}).

---

## Install NGINX Agent {#agent-config}
## Install NGINX Agent

NGINX Agent is a companion daemon for NGINX Open Source or NGINX Plus instance that provides:
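
Review bot: Removing `{#agent-config}` from `## Install NGINX Agent` changes the heading's anchor to the one generated from its text, so any link that targets `#agent-config` stops resolving. Search the docs for that fragment before merging, or keep the explicit ID. The same applies to `{#monitor-only}` and `{#monitor-and-manage}` further down this file, where the heading text changes too.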

Expand Down Expand Up @@ -144,7 +145,9 @@ sudo sh ./install.sh --nap-monitoring true --nginx-app-protect-mode precompiled-
sudo systemctl restart nginx-agent
```

## Set Up Instances for Security Monitoring Only {#monitor-only}
---

## Create instances for Security Monitoring only

Complete the steps in this section if you are only using the Security Monitoring module to monitor your application security. In this use case, you are **not using Instance Manager** to manage your WAF security policies.

Expand Down Expand Up @@ -198,7 +201,9 @@ Repeat the steps below on each NGINX App Protect WAF data plane instance.

You should now be able to view data from your NGINX App Protect instances in the NGINX Security Monitoring dashboards.

## Set up Instances for Security Monitoring with Instance Manager {#monitor-and-manage}
---

## Create instances for Security Monitoring with Instance Manager

Complete the steps in this section if you want to use the Security Monitoring module **and** Instance Manager. In this use case, you will use NGINX Instance Manager to monitor threats and to manage your NGINX App Protect WAF configurations and security policies.

Expand Down Expand Up @@ -235,7 +240,7 @@ Take the steps below to update your NGINX App Protect WAF configurations by usin

You should now be able to view data from your NGINX App Protect WAF instances in the Security Monitoring dashboard.

## What's Next
## See also

- [Grant Users Access to the Security Monitoring Dashboards]({{< relref "create-role-security-monitoring" >}}): Follow the steps in this guide to allow other users in your organization to access the Security Monitoring Dashboards.
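
Review bot: The link text in the unchanged bullet under `## See also` still reads `Grant Users Access to the Security Monitoring Dashboards`, which is Title Case and no longer matches the target page's new title, `Add user access to Security Monitoring dashboards`. Update the link text, and `Security Monitoring Dashboards` in the sentence after it, to the sentence-case convention this commit applies, as was done for the equivalent link on the install page.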

Original file line number Diff line number Diff line change
@@ -1,42 +1,39 @@
---
title: Update the geolocation database used in dashboards
description: Learn how to update the Geolocation Database used in F5 NGINX Management
Suite Security Monitoring dashboards.
docs: DOCS-1108
doctypes:
- task
tags:
- docs
title: Update Geolocation Database used in Security Monitoring Dashboards
toc: true
weight: 200
weight: 400
type: how-to
product: NIM
docs: DOCS-1108
---

{{< shortversions "1.0.0" "latest" "secvers" >}}



## Overview

You can use F5 NGINX Security Monitoring to monitor NGINX App Protect WAF instances. The Security Monitoring analytics dashboard uses MaxMind's GeoLite2 Free Database to provide extra Geolocation data for Security Violations.

By completing the steps in this topic, you will be able to update the Security Monitoring module to get the latest Geolocation database such that the dashboards can provide accurate data.

## Before You Begin
---

## Before you begin

Complete the following prerequisites before proceeding with this guide:

- NGINX Security Monitoring is [installed]({{< relref "/nim/monitoring/security-monitoring/deploy/install-security-monitoring.md" >}}) and running.
- NGINX Security Monitoring is [installed]({{< relref "/nim/monitoring/security-monitoring/install-security-monitoring.md" >}}) and running.
- NGINX App Protect is configured, and the Security Monitoring dashboard is gathering security violations

## How to update Geolocation Database

---

## Update the geolocation database

1. Create a [MaxMind](https://dev.maxmind.com/geoip/geolite2-free-geolocation-data/) account and subscribe to get the latest updates to the Geolocation database.
1. Download the GeoLite2 Country (Edition ID: GeoLite2-Country) database in a GeoIP2 Binary `.mmdb` format from the [MaxMind](https://www.maxmind.com/en/accounts/current/geoip/downloads) website. The database will be present in a `gzip` downloaded file.
1. Unzip the downloaded `gzip` file, which contains the binary data of the GeoLite2 Country database with a filename `GeoLite2-Country.mmdb`
1. Replace the `GeoLite2-Country.mmdb` present on your NGINX Instance Manager's Control Plane at `/usr/share/nms/geolite2/GeoLite2-Country.mmdb` with the newly downloaded GeoLite2 Country database.

Example:

```bash
sudo scp /path/to/GeoLite2-Country.mmdb {user}@{host}:/usr/share/nms/geolite2/GeoLite2-Country.mmdb
```
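
Review bot: In the example, `sudo scp ...` only runs the local `scp` as root; the write to `/usr/share/nms/geolite2/` on the control plane happens with the permissions of `{user}` on `{host}`. Either state that `{user}` needs write access to that directory, or show copying to a temporary location and moving the file into place with `sudo` on the host. The signature database page has the same pattern for `/usr/share/nms/sigdb/signature-report.json`.
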
Original file line number Diff line number Diff line change
@@ -1,37 +1,37 @@
---
title: Update the Attack Signature Database
description: Learn how to update the Attack Signature Database used in F5 NGINX Management
Suite Security Monitoring dashboards.
docs: DOCS-1109
doctypes:
- task
tags:
- docs
title: Manage the Security Monitoring Signature Database
toc: true
weight: 200
weight: 300
type: how-to
product: NIM
docs: DOCS-1109
---

{{< shortversions "1.0.0" "latest" "secvers" >}}

## Overview

You can use the F5 NGINX Security Monitoring module to monitor NGINX App Protect WAF instances for security. The Security Monitoring module analytics dashboards utilize a Signature Database to give more detail about the Attack Signatures that have caused a Security Violation, like the Signature's name, accuracy, and risk. If the Signature Database is not updated to match the Attack Signature version used for App Protect WAF protection, new signatures may be triggered without a name or other attributes like risk and accuracy.
You can use the F5 NGINX Security Monitoring module to monitor NGINX App Protect WAF instances for security. The Security Monitoring module analytics dashboards utilize a Signature Database to give more detail about the Attack Signatures that have caused a Security Violation, like the Signature's name, accuracy, and risk.

Make sure the dashboards show the right info by following the steps in this topic to update the Security Monitoring module with the newest Attack Signature data.
If the Signature Database is not updated to match the Attack Signature version used for App Protect WAF protection, new signatures may be triggered without a name or other attributes like risk and accuracy.

The steps in this topic ensure that dashboards show the correct information by updating the Security Monitoring module with the newest Attack Signature data.

---

## Before You Begin
## Before you begin

Complete the following prerequisites before proceeding with this guide:

- NGINX Security Monitoring is [installed]({{< relref "/nim/monitoring/security-monitoring/deploy/install-security-monitoring.md" >}}) and running
- NGINX Security Monitoring is [installed]({{< relref "/nim/monitoring/security-monitoring/install-security-monitoring.md" >}}) and running
- NGINX App Protect is configured, and the Security Monitoring dashboard is gathering security violations

## How to Update the Signature Database
---

1. Open an SSH connection to the data plane host and log in.
1. Use the [Attack Signature Report Tool](https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#attack-signature-report-tool) to generate a Signature Report file. The filename must be `signature-report.json`.
## Update the Signature Database

Example:
1. Open an SSH connection to the data plane host and log in.
1. Use the [Attack Signature Report Tool]({{< relref "/nap-waf/v4/configuration-guide/configuration.md#attack-signature-report-tool" >}}) to generate a Signature Report file. The filename must be `signature-report.json`.

```bash
sudo /opt/app_protect/bin/get-signatures -o ./signature-report.json
Expand All @@ -40,8 +40,6 @@ Complete the following prerequisites before proceeding with this guide:
1. Open an SSH connection to the management plane host and log in.
1. Replace the `signature-report.json` on your NGINX Instance Manager's control plane at `/usr/share/nms/sigdb/signature-report.json` with the newly generated Signature Report.
Example:
```bash
sudo scp /path/to/signature-report.json {user}@{host}:/usr/share/nms/sigdb/signature-report.json
```
Expand All @@ -51,4 +49,4 @@ Complete the following prerequisites before proceeding with this guide:
```bash
sudo systemctl restart nms-ingestion
sudo systemctl restart nms-core
```
```
6 changes: 0 additions & 6 deletions content/nim/monitoring/security-monitoring/deploy/_index.md

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,29 +1,32 @@
---
description:
docs: DOCS-1208
doctypes:
- tutorial
tags:
- docs
title: "Install or Upgrade Security Monitoring"
title: "Install or upgrade Security Monitoring"
toc: true
weight: 40
weight: 100
doctype: how-to
product: NIM
docs: DOCS-1208
---

## Overview

Follow the steps in this guide to install or upgrade or upgrade the NGINX Security Monitoring module.

## Before You Begin
---

## Before you begin

### Security Considerations
### Security considerations

{{< include "installation/secure-installation.md" >}}

### Installation Prerequisites
---

### Installation prerequisites

{{< include "installation/nms-prerequisites.md" >}}

---

### Dependencies with Instance Manager

{{< include "nim/tech-specs/security-management-plane-dependencies.md" >}}
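
Review bot: The overview sentence left unchanged in this hunk reads `install or upgrade or upgrade the NGINX Security Monitoring module`; the repeated `or upgrade` should be removed while this page is being edited. Separately, the `---` added between `### Security considerations` and `### Installation prerequisites` splits the subsections of `## Before you begin` from each other, which a rule at the end of the whole section would avoid.
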
Expand Down Expand Up @@ -77,19 +80,24 @@ Follow the steps in this guide to install or upgrade or upgrade the NGINX Securi
```


### Accessing the Web Interface
---

### Access the web interface

{{< include "installation/access-web-ui.md" >}}

### Add License

---

### Add license

A valid license is required to make full use of all the features in Security Monitoring module.

Refer to the [Add a License]({{< relref "/nim/admin-guide/license/add-license.md" >}}) topic for instructions on how to download and apply a trial license, subscription license, or Flexible Consumption Program license.

---

## Upgrade Security Monitoring {#upgrade-security-monitoring}
## Upgrade Security Monitoring

{{<call-out "important" "Instance Manager Dependency" >}}The upgrade process for Security Monitoring **does not** automatically upgrade Instance Manager, which is a package dependency. To ensure compatibility with Security Monitoring, you will need to manually [upgrade Instance Manager]({{< relref "/nim/deploy/vm-bare-metal/install.md#upgrade-nim" >}}) to a version supported by Security Monitoring. For specific version dependencies between Security Monitoring and Instance Manager, refer to the [Security Monitoring release notes]({{< relref "/nim/monitoring/security-monitoring/releases/release-notes.md" >}}).{{</call-out>}}

Expand Down Expand Up @@ -142,10 +150,8 @@ Refer to the [Add a License]({{< relref "/nim/admin-guide/license/add-license.md

---

## What's Next

### Set Up Data Plane
## See also

To set up your NGINX App Protect WAF data plane instances for use with Security Monitoring, refer to the following instructions:

- [Set Up App Protect Instances for Security Monitoring]({{< relref "/nim/monitoring/security-monitoring/configure/set-up-app-protect-instances" >}})
- [Create App Protect WAF instances for Security Monitoring]({{< relref "/nim/monitoring/security-monitoring/configure/set-up-app-protect-instances" >}})
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
---
title: Releases
description: "Stay up-to-date with the latest F5 NGINX Security Monitoring releases."
weight: 800
url: /nginx-instance-manager/monitoring/security-monitoring/releases/
weight: 300
---