CrowdStrike integration (#177)

src/components/NavigationDocs.jsx

@@ -105,7 +105,7 @@ export const docsNavigation = [
                  {title: 'Activity event streaming', href: '/how-to/activity-event-streaming' },
                  {title: 'Identity provider sync', href: '/how-to/idp-sync' },
                  {title: 'Enable post quantum cryptography', href: '/how-to/enable-post-quantum-cryptography' },
-                 
+                 {title: 'Endpoint Detection and Response (EDR)', href: '/how-to/endpoint-detection-and-response' },
              ]
          },
 

src/pages/how-to/endpoint-detection-and-response.mdx

@@ -0,0 +1,88 @@
+# Endpoint Detection and Response (EDR)
+
+Endpoint Detection and Response (EDR) is a cybersecurity technology designed to help organizations detect, investigate,
+and respond to threats on endpoint devices. An endpoint is any device that is connected to a network, such as laptops,
+desktops, smartphones, tablets, servers, and even some IoT (Internet of Things) devices.
+
+With the rise of remote work, endpoints often operate outside the traditional corporate network perimeter,
+making them more vulnerable to attacks. EDR provides a layer of security that is not dependent on the physical location
+of the endpoint, thus extending protection to remote workers and their devices.
+
+NetBird integrates with major EDR platforms to restrict network access to only those devices managed by the company's IT department.
+With the integration enabled, NetBird synchronizes the list of devices managed by the EDR platform via the API and
+checks the presence of the EDR agent on the device, blocking access to the network if the agent is not installed.
+
+NetBird doesn't apply the EDR checks to all devices in the network. Instead, you can select specific groups of devices for
+the checks to apply.
+
+This document offers instructions and best practices for setting up NetBird with different EDR platforms.
+
+<Note>
+     This feature is only available in the cloud version of NetBird.
+</Note>
+
+## CrowdStrike
+
+Before you start creating and configuring a CrowdStrike integration, ensure that you have the following:
+- A CrowdStrike account with the permissions to create and manage API keys. If you don't have the required permissions, ask your CrowdStrike administrator to grant them to you.
+
+### Step 1: Create a CrowdStrike API key
+
+- Navigate to the [API clients and keys](https://falcon.eu-1.crowdstrike.com/api-clients-and-keys/) page
+- Click `Create API client` at the top, right corner
+- Set Hosts - Read permission
+- Click `Create`
+- Copy the credentials. You will need these credentials when configuring an integration in NetBird.
+
+### Step 2: Configure a CrowdStrike integration in NetBird
+
+- Navigate to the [Integrations &raquo; EDR](https://app.netbird.io/integrations?tab=edr) tab in the NetBird dashboard
+- Click `Connect CrowdStrike` to start the configuration wizard
+<p>
+    <img src="/docs-static/img/how-to-guides/crowdstrike-integration.png" alt="event-streaming-integration" className="imagewrapper-big"/>
+</p>
+
+- First, select the region of your CrowdStrike account
+<p>
+  <img src="/docs-static/img/how-to-guides/crowdstrike-region.png" alt="crowdstrike-region" className="imagewrapper"/>
+</p>
+  - Then enter the client ID and secret key you created in [Step 1](#step-1-create-a-crowd-strike-api-key) and click `Continue`
+<p>
+    <img src="/docs-static/img/how-to-guides/crowdstrike-credentials.png" alt="crowdstrike-credentials" className="imagewrapper"/>
+</p>
+- Select groups you want to apply the integration to and click `Connect`.
+<p>
+    <img src="/docs-static/img/how-to-guides/crowdstrike-groups.png" alt="crowdstrike-groups" className="imagewrapper"/>
+</p>
+
+<Note>
+    The EDR check will apply only to machines in the selected groups and will require the presence of the CrowdStrike agent.
+</Note>
+<Note>
+    You can also use groups [synchronized from your Identity Provider (IdP)](/how-to/idp-sync).
+</Note>
+
+- Peers that have the CrowdStrike agent installed will be granted access to the network. Peers without the agent will appear
+with a `Approval required` mark in the peers list and won't be able to access the network until the agent is installed.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/edr-approval-required.png" alt="edr-approval-required" className="imagewrapper-big"/>
+</p>
+
+- Optional. You can experiment and see how the integration works by hiding hosts in the CrowdStrike Host management console:
+    - Navigate to the [Host management](https://falcon.crowdstrike.com/host-management/hosts) page in the CrowdStrike console
+    - Select a host you want to hide
+    - Click `Actions` and then `Hide`
+    - The host will be moved to Trash (you can restore it later)
+    - After about a minute, the peer will be disconnected from the network and marked as `Approval required` in the NetBird dashboard.
+    - To restore the host in CrowdStrike, navigate to the Trash and click `Restore`
+
+<Note>
+    NetBird synchronizes the list of devices managed by the EDR platform via the API about every minute.
+    The changes might not be visible immediately.
+</Note>
+
+<Note>
+    If you install the CrowdStrike agent on a peer after it joined the network, you will need to disconnect and reconnect
+    this peer for the `Approval required` mark to disappear.
+</Note>

src/pages/how-to/idp-sync.mdx

@@ -1,6 +1,6 @@
-export const title = 'IdP Sync'
+export const title = 'Identity Provider synchronization'
 
-## IdP sync
+## Identity Provider synchronization
 
 Welcome to our comprehensive guide on configuring Identity Provider (IdP) for users and groups synchronization. This document provides step-by-step instructions and best practices for setting up and managing your synchronization processes effectively.