feat(notification integration): 📝 notification integration doc

Author: ziracmo

crowdsec-docs/package-lock.json

@@ -265,6 +265,27 @@ module.exports = {
             label: "Service API 🏅",
             href: "/u/service_api/getting_started",
         },
+        {
+            type: "category",
+            label: "Notification integrations 🏅",
+            items: [
+                {
+                    type: "doc",
+                    label: "Overview",
+                    id: "console/notification_integrations/overview",
+                },
+                {
+                    type: "doc",
+                    label: "Notification Rule",
+                    id: "console/notification_integrations/rule",
+                },
+                {
+                    type: "doc",
+                    label: "Slack",
+                    id: "console/notification_integrations/slack",
+                },
+            ],
+        },
     ],
     remediationSideBar: [
         {

crowdsec-docs/sidebarsUnversioned.js

@@ -0,0 +1,65 @@
+---
+id: overview
+title: Overview
+---
+
+Discover all the available notification integrations in CrowdSec. Each integration is designed to help you receive alerts and notifications to various platforms, ensuring you stay informed about security events and incidents. Available [here](https://app.crowdsec.net/settings/integrations).
+
+> 🌟 Premium feature. CrowdSec let you be linked to any notification integration. However, you need to be a ⭐ Premium organization to unlock the full potential of the notification integrations.
+
+## Available Integrations
+
+- [Slack](/u/console/notification_integrations/slack)
+- Coming soon: Discord
+- Coming soon: Webhook
+- Coming soon: Microsoft Teams
+
+## How to use notification integrations
+
+1. **Link your integration**: Navigate to the **Settings > Integrations** section in the CrowdSec Console and select the integration you want to link. Follow the instructions provided for each integration.
+2. [**Create a notification rule**](/u/console/notification_integrations/rule): Once your integration is linked, navigate to the **Rules** tab of the integration page. Here, you can create notification rules based on specific events or conditions. ([See the documentation](/u/console/notification_integrations/rule) for more details on creating rules.)
+
+## Available Events 
+
+The following events are available for notification integrations:
+
+**Threat Hunting**
+
+| Name | Description |
+|------|-------------|  
+Is Attacking | An attack has been detected from your Security Engine. |
+Is Attacked | Your organization is being attacked. | 
+Alert Triggered | An alert has been triggered. |
+
+
+
+**Stack - Management**
+
+| Name | Description |
+|------|-------------|
+Security Engine Enrolled | A new Security Engine has been enrolled. |
+Security Engine Unenrolled | A Security Engine has been unenrolled. |
+Security Engine Long Pending Enroll | A Security Engine has been pending for a long time. |
+
+**Stack - Monitoring**
+
+| Name | Description |
+|------|-------------|
+Firewall Integration Offline | A firewall integration is offline. |
+Log Processor No Alert | A log processor has not sent any alerts for 48h. |
+Log Processor Offline | A log processor is offline. |
+Remediation Component Integration Offline | A remediation component integration is offline. |
+Remediation Component Offline | A remediation component is offline. |
+CrowdSec Stack Component Outdated | A CrowdSec stack component is outdated (Security Engine, Log Processor, Remediation component). |
+Security Engine No Alerts | A Security Engine has not sent any alerts for 48h. |
+Security Engine Offline | A Security Engine is offline. |
+
+**Admin**
+
+| Name | Description |
+|------|-------------|
+API Key Expired | An API key has expired. |
+Payment Failed | A payment has failed. |
+
+
+## Examples

crowdsec-docs/static/img/console/notification_integrations/configure-slack.png

@@ -0,0 +1,48 @@
+---
+id: rule
+title: Notification rule
+---
+
+> 🌟 Premium feature.
+
+Notification rules allow you to customize the alerts and notifications you receive from your CrowdSec Console.
+By setting up specific rules, you can ensure that you are only notified about events that are relevant to your organization.
+This guide will walk you through the process of creating a notification rule for your linked integration.
+
+> You need at least one integration linked to your CrowdSec Console to create a notification rule.
+> If you haven't linked an integration yet, please refer to the [Integrations Overview](/u/console/notification_integrations/overview) for more information on how to do so.
+
+## Create a notification rule
+
+1. In the [CrowdSec Console](https://app.crowdsec.net), navigate to **Settings > Notifications** or **Settings > Integrations > (integration of your choice)** and click on add rule.
+
+![](/img/console/notification_integrations/notification-rule-list.png)
+
+2. Select the events you want to be notified about. You can only select one of the three category at the time (Threat Hunting, Stack or Admin). Each of these categories contains a list of [events](/notification_integrations/overview.mdx) that you can choose from. (Threat hunting category let you select only one event due to its conditions variance).
+
+![](/img/console/notification_integrations/events-selection.png)
+
+3. (Optional) Select a conditions. **Stack** category allows you to filter on Security Engine(s). **Threat Hunting > Alert trigger event** allows you to select specific scenarios.
+
+**Engine condition:**
+
+![](/img/console/notification_integrations/engine-condition-selection.png)
+
+**Installed scenarios:**
+
+{/* ![](/img/console/notification_integrations/scenario-condition-selection.png) */}
+
+4. Select destination, which is the integration you want to use for this rule. You can select multiple destination for one rule. Destination input varies depending on the integration you selected. For example, Slack integration let you select a channel, while Webhook integration let you select a URL.
+
+![](/img/console/notification_integrations/slack-destination-selection.png)
+
+5. Name and describe your rule.
+
+![](/img/console/notification_integrations/rule-information.png)
+
+6. Click on **Create** to save your rule.
+
+7. Your rule will now appear in the list of notification rules for your integration. You can edit or delete it at any time.
+
+![](/img/console/notification_integrations/notification-rule-list.png)
+

crowdsec-docs/static/img/console/notification_integrations/engine-condition-selection.png

@@ -0,0 +1,35 @@
+---
+id: slack
+title: Slack
+---
+
+
+## Link your workspace
+
+By default Slack let any workspace member add application to it. If you want to learn more about it you can check [this Slack article](https://slack.com/intl/en-gb/help/articles/202035138-Add-apps-to-your-Slack-workspace).
+
+1. In the [CrowdSec Console](https://app.crowdsec.net), navigate to **Settings > Integrations** and then select **Configure** in the Slack row.
+
+![](/img/console/notification_integrations/configure-slack.png)
+
+2. Select the Slack workspace you want to link to your CrowdSec Console using the dropdown menu on top-tight of the page. Then select **Allow**. Repeat the process if you want to link more workspace.
+
+3. You should be redirected to the Slack integration page. You can now create a notification rule by navigating to the **Rules** tab.
+
+![](/img/console/notification_integrations/slack-configuration-tab.png)
+
+Your Slack integration is now linked to your CrowdSec Console. If you want to link the integration to a private channel, invite it directly from the Slack channel.
+
+## Create a notification rule
+
+1. In the [CrowdSec Console](https://app.crowdsec.net), navigate to **Settings > Integrations > Slack** go to the Rules tab and click on **Add rule**.
+
+2. Follow the steps in the [Create a notification rule](/u/console/notification_integrations/rule) documentation to create your rule.
+
+## Troubleshooting
+
+### Rate Limiting Error
+
+If you're attempting to create or update a notification rule and are receiving the following error: "Slack rate limit exceeded.", you should enter channel ID instead of the channel Name and wait for a minute. If your workspace has a lot of channels, we advise your to directly add the channel ID next time.
+
+To find a channel's ID in Slack click the name of the channel at the top of the application and the channel ID will be displayed at the bottom of the modal.