diff --git a/docs/assets/cloudflare/Wrangler_access_granted.png b/docs/assets/cloudflare/Wrangler_access_granted.png new file mode 100644 index 000000000..70f34b5f6 Binary files /dev/null and b/docs/assets/cloudflare/Wrangler_access_granted.png differ diff --git a/docs/assets/cloudflare/Wrangler_consentform.png b/docs/assets/cloudflare/Wrangler_consentform.png new file mode 100644 index 000000000..541099b7d Binary files /dev/null and b/docs/assets/cloudflare/Wrangler_consentform.png differ diff --git a/docs/assets/testruns-step-2.png b/docs/assets/testruns-step-2.png index 3bd80b18c..0f93aaeb4 100644 Binary files a/docs/assets/testruns-step-2.png and b/docs/assets/testruns-step-2.png differ diff --git a/docs/assets/testruns-step-3.png b/docs/assets/testruns-step-3.png index 9cf59bb6d..9604d1872 100644 Binary files a/docs/assets/testruns-step-3.png and b/docs/assets/testruns-step-3.png differ diff --git a/docs/assets/testruns-step-4.png b/docs/assets/testruns-step-4.png index 3bfd8252c..8ecba6726 100644 Binary files a/docs/assets/testruns-step-4.png and b/docs/assets/testruns-step-4.png differ diff --git a/docs/assets/testruns-step-5.png b/docs/assets/testruns-step-5.png index deee65808..ed8a6f91a 100644 Binary files a/docs/assets/testruns-step-5.png and b/docs/assets/testruns-step-5.png differ diff --git a/docs/assets/testruns-step-6.png b/docs/assets/testruns-step-6.png new file mode 100644 index 000000000..b3dbe9bfd Binary files /dev/null and b/docs/assets/testruns-step-6.png differ diff --git a/docs/guides/api-observability.md b/docs/guides/api-observability.md index 038670a12..a2b8048b1 100644 --- a/docs/guides/api-observability.md +++ b/docs/guides/api-observability.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +description: Explore Levo.ai's frictionless API observability guide. Auto-discover and document all your APIs seamlessly while preserving privacy. --- # Frictionless API Observability 
diff --git a/docs/guides/general/general.md b/docs/guides/general/general.md index fcd593344..b532c4bf2 100644 --- a/docs/guides/general/general.md +++ b/docs/guides/general/general.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +description: Discover general tasks for using Levo.ai. Follow our guides on OS compatibility, private registry setup, and supported platforms for optimal performance. --- This section describes tasks that are common when using Levo. diff --git a/docs/guides/general/private-registry.md b/docs/guides/general/private-registry.md index 083ee0d02..700999677 100644 --- a/docs/guides/general/private-registry.md +++ b/docs/guides/general/private-registry.md @@ -1,5 +1,6 @@ --- sidebar_position: 2 +title: "Secure & Organize APIs: Leverage a Private Registry" --- # Use a Private Docker Registry for Kubernetes Installations @@ -25,18 +26,17 @@ region="us-west-2" registry="your.registry" helm repo add levoai https://charts.levo.ai || true -helm repo update +helm repo update levoai images=($(helm template levoai/levoai-satellite | yq -N '..|.image? | select(.)' | sort -u)) images+=($(helm template levoai/levoai-ebpf-sensor | yq -N '..|.image? | select(.)' | sort -u)) for image in "${images[@]}"; do - echo "Pushing $image to $registry" - docker pull "$image" - image_name=levoai/${image##*/} - repo_name=${image_name%:*} + src_image=${image#"docker.io/"} + dest_image="$registry/$src_image" + repo_name=${src_image%:*} aws ecr describe-repositories --repository-names $repo_name --region $region || aws ecr create-repository --repository-name $repo_name --region $region - docker tag "$image" "$registry/$image_name" - docker push "$registry/$image_name" + echo "Copying $src_image to $dest_image" + docker buildx imagetools create --tag $dest_image $src_image done ``` @@ -55,7 +55,6 @@ kubectl create secret docker-registry ecr-auth --docker-server=your.registry --d ```yaml sensor: imageRepo: your.registry/levoai/ebpf_sensor - imageTag: 0.30.1 ``` ### Satellite 
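Review bot: In the rewritten mirror loop of private-registry.md, `$dest_image`, `$src_image` and `$repo_name` are expanded unquoted in the `docker buildx imagetools create` and `aws ecr` calls, so a rendered image reference containing whitespace or glob characters would be word-split before it reaches the CLI. Quote them: `docker buildx imagetools create --tag "$dest_image" "$src_image"`, and likewise `"$repo_name"` and `"$region"`. `repo_name=${src_image%:*}` also assumes a `name:tag` reference; if the chart ever renders a digest reference (`name@sha256:…`), the cut leaves `name@sha256` as the repository name, which looks unintended. The copy is made by tag, so the guide could tell readers to record or compare the resulting digest after the copy. The top of the script lies outside this hunk.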
@@ -65,43 +64,8 @@ global: levoai_config_override: onprem-api: org-id: - refresh-token: - busyboxImage: your.registry/levoai/busybox - -levoai-collector: - image: your.registry/levoai/collector - imageTag: 0.17.2 + refresh-token: + imageRegistry: your.registry imagePullSecrets: - name: ecr-auth - -levoai-ion: - image: - repository: your.registry/levoai/ion - tag: 0.6.0 - imagePullSecrets: - - name: ecr-auth - -rabbitmq: - metrics: - enabled: true - image: - registry: your.registry - repository: levoai/rabbitmq - tag: 3.12.8-debian-11-r1 - pullSecrets: - - ecr-auth - -satellite: - image: - repository: your.registry/levoai/satellite - tag: 0.2.462 - imagePullSecrets: - - name: ecr-auth - -tagger: - image: - repository: your.registry/levoai/satellite - tag: 0.2.462 - imagePullSecrets: - - name: ecr-auth -``` \ No newline at end of file +``` diff --git a/docs/guides/key-concepts.md b/docs/guides/key-concepts.md index ce3873628..681010255 100644 --- a/docs/guides/key-concepts.md +++ b/docs/guides/key-concepts.md @@ -1,6 +1,7 @@ --- sidebar_position: 0 keywords: [API Security, eBPF, API Observability] +description: Understand key concepts in Levo.ai's API observability. Learn about sensors, satellites, and API catalog creation for effective API management and security. --- # Key Concepts diff --git a/docs/guides/security-testing/common-tasks/api-rbac/api-rbac-glob.md b/docs/guides/security-testing/common-tasks/api-rbac/api-rbac-glob.md index f660ba537..dca5deb37 100644 --- a/docs/guides/security-testing/common-tasks/api-rbac/api-rbac-glob.md +++ b/docs/guides/security-testing/common-tasks/api-rbac/api-rbac-glob.md @@ -1,5 +1,6 @@ --- sidebar_position: 2 +title: API Role-Based Access Control Testing Guide --- # Associating RBAC Information Using Pattern Matching (Glob) diff --git a/docs/guides/security-testing/common-tasks/authn-authz/authn-authz.md b/docs/guides/security-testing/common-tasks/authn-authz/authn-authz.md index b7679aa6f..9fd6d2e7e 100644 
--- a/docs/guides/security-testing/common-tasks/authn-authz/authn-authz.md +++ b/docs/guides/security-testing/common-tasks/authn-authz/authn-authz.md @@ -1,5 +1,6 @@ --- sidebar_position: 0 +title: "API Security Testing: AuthN & AuthZ Best Practices" --- # Providing Authentication / Authorization for Tests diff --git a/docs/guides/security-testing/common-tasks/authn-authz/authz.md b/docs/guides/security-testing/common-tasks/authn-authz/authz.md index 89c328c74..6e7c60a6f 100644 --- a/docs/guides/security-testing/common-tasks/authn-authz/authz.md +++ b/docs/guides/security-testing/common-tasks/authn-authz/authz.md @@ -1,5 +1,6 @@ --- sidebar_position: 3 +title: "Levo.ai Guide: Testing API Authorization Controls" --- # Providing Authorization Information for Authorization Abuse Tests diff --git a/docs/guides/security-testing/common-tasks/authn-authz/horizontal-authz.md b/docs/guides/security-testing/common-tasks/authn-authz/horizontal-authz.md index b9f5c72b2..76638e36e 100644 --- a/docs/guides/security-testing/common-tasks/authn-authz/horizontal-authz.md +++ b/docs/guides/security-testing/common-tasks/authn-authz/horizontal-authz.md @@ -1,5 +1,6 @@ --- sidebar_position: 4 +title: "Stop Unauthorized Access: Secure APIs with Horizontal AuthZ" --- # Providing Authorization Information for `Horizontal Authorization Abuse` Test Cases diff --git a/docs/guides/security-testing/common-tasks/authn-authz/horizontal-n-vertical-authz.md b/docs/guides/security-testing/common-tasks/authn-authz/horizontal-n-vertical-authz.md index 611c178ec..eec8a23c0 100644 --- a/docs/guides/security-testing/common-tasks/authn-authz/horizontal-n-vertical-authz.md +++ b/docs/guides/security-testing/common-tasks/authn-authz/horizontal-n-vertical-authz.md @@ -1,5 +1,6 @@ --- sidebar_position: 6 +title: "Prevent Data Leaks & Access Issues: Test Both AuthZ Types" --- # Providing Authorization Information for Test Plans - `Horizontal & Vertical Authorization Abuse` Test Cases 
diff --git a/docs/guides/security-testing/common-tasks/authn-authz/vertical-authz.md b/docs/guides/security-testing/common-tasks/authn-authz/vertical-authz.md index 516d40b82..077929feb 100644 --- a/docs/guides/security-testing/common-tasks/authn-authz/vertical-authz.md +++ b/docs/guides/security-testing/common-tasks/authn-authz/vertical-authz.md @@ -1,5 +1,6 @@ --- sidebar_position: 5 +title: "Secure Your APIs: Implement Robust Vertical AuthZ Testing" --- # Providing Authorization Information for `Vertical Authorization Abuse` Test Cases diff --git a/docs/guides/security-testing/common-tasks/common-tasks.md b/docs/guides/security-testing/common-tasks/common-tasks.md index 15641592f..5b1b64743 100644 --- a/docs/guides/security-testing/common-tasks/common-tasks.md +++ b/docs/guides/security-testing/common-tasks/common-tasks.md @@ -1,5 +1,7 @@ --- sidebar_position: 1 +description: Discover common tasks in Levo.ai's security testing. Learn about API authentication, RBAC info, and running test plans with our comprehensive guide. +title: Common Security Testing Tasks | Levo.ai Documentation --- # Common Tasks diff --git a/docs/guides/security-testing/common-tasks/running-test-plans/run-zero-conf-test-plan.md b/docs/guides/security-testing/common-tasks/running-test-plans/run-zero-conf-test-plan.md index 178b6600c..6adbdf58c 100644 --- a/docs/guides/security-testing/common-tasks/running-test-plans/run-zero-conf-test-plan.md +++ b/docs/guides/security-testing/common-tasks/running-test-plans/run-zero-conf-test-plan.md @@ -1,5 +1,6 @@ --- sidebar_position: 2 +title: "Effortless API Security Testing: Run Zero-Conf Test Plans" --- # How do I run a Zero Configuration Test Plan? diff --git a/docs/guides/security-testing/test-sample-app/crapi/crapi.md b/docs/guides/security-testing/test-sample-app/crapi/crapi.md index 0cfc642ce..972f553ab 100644 --- a/docs/guides/security-testing/test-sample-app/crapi/crapi.md +++ b/docs/guides/security-testing/test-sample-app/crapi/crapi.md 
@@ -1,5 +1,6 @@ --- sidebar_position: 1 +title: "API Security Testing Tutorial: CRAPI Sample Application" --- # Evaluate Levo using the sample application `crAPI` diff --git a/docs/guides/security-testing/test-your-app/test-app-schema-conformance.md b/docs/guides/security-testing/test-your-app/test-app-schema-conformance.md index 5bd0ba41d..038b41458 100644 --- a/docs/guides/security-testing/test-your-app/test-app-schema-conformance.md +++ b/docs/guides/security-testing/test-your-app/test-app-schema-conformance.md @@ -1,5 +1,6 @@ --- sidebar_position: 2 +title: "Levo.ai: Automate API Schema Conformance Testing" --- # Using your own app to evaluate Levo's schema conformance testing diff --git a/docs/guides/security-testing/test-your-app/test-app-security/choices.md b/docs/guides/security-testing/test-your-app/test-app-security/choices.md index 83a2cee69..36267321a 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/choices.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/choices.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +title: "Levo.ai Guide: Choosing Tools for API Security Testing" --- # Automatically test APIs for security vulnerabilities diff --git a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/configure-env-yml.md b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/configure-env-yml.md index b232fa060..ae260c522 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/configure-env-yml.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/configure-env-yml.md @@ -1,5 +1,6 @@ --- sidebar_position: 5 +title: Configure env.yml for Data-Driven Security Testing --- # Configure `environment.yml` 
diff --git a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/execute-test-plan.md b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/execute-test-plan.md index ab585e170..a255c6495 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/execute-test-plan.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/execute-test-plan.md @@ -1,5 +1,7 @@ --- sidebar_position: 6 +description: Execute your test plan with Levo.ai. Follow our guide to use Levo CLI for testing live API endpoints and view detailed results to ensure robust security. +title: Execute Data-Driven Test Plan | Levo.ai Documentation --- # Execute Test Plan diff --git a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/generate-test-plan.md b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/generate-test-plan.md index ab9b676ac..56636c41b 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/generate-test-plan.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/generate-test-plan.md @@ -1,5 +1,7 @@ --- sidebar_position: 3 +description: Generate a security test plan for your app. Follow our zero-configuration guide for comprehensive API security testing and ensure robust protection. +title: Generate Data-Driven Test Plan | Levo.ai Documentation --- diff --git a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/import-apis.md b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/import-apis.md index 8b254a0bb..924089b13 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/data-driven/import-apis.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/data-driven/import-apis.md 
@@ -1,5 +1,7 @@ --- sidebar_position: 2 +description: "Secure Your APIs: Import Specs, Bypass Authorization & Test with Levo. Auto-gen or upload, Levo simplifies API security testing." +title: Import APIs for Data-Driven Testing | Levo.ai Documentation --- diff --git a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/configure-env-yml.md b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/configure-env-yml.md index e78d29baa..61bb20a27 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/configure-env-yml.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/configure-env-yml.md @@ -1,5 +1,6 @@ --- sidebar_position: 4 +title: Configure env.yml for Zero-Config Testing | Levo.ai --- # Configure `environment.yml` diff --git a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/execute-test-plan.md b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/execute-test-plan.md index b95908c3b..60edb8deb 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/execute-test-plan.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/execute-test-plan.md @@ -1,5 +1,6 @@ --- sidebar_position: 5 +title: Execute Zero-Config Test Plan | Levo.ai Documentation --- # Execute Test Plan diff --git a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/generate-test-plan.md b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/generate-test-plan.md index 3dfe3fa44..3b6545ffd 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/generate-test-plan.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/generate-test-plan.md 
@@ -1,5 +1,7 @@ --- sidebar_position: 3 +description: Generate a security test plan for your app. Follow our zero-configuration guide for comprehensive API security testing and ensure robust protection. +title: Auto Generate Test Plan | Levo.ai Documentation --- diff --git a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/import-apis.md b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/import-apis.md index eb821afbe..a3e46b261 100644 --- a/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/import-apis.md +++ b/docs/guides/security-testing/test-your-app/test-app-security/zero-conf/import-apis.md @@ -1,5 +1,7 @@ --- sidebar_position: 2 +description: "Secure Your APIs: Import Specs, Bypass Authorization & Test with Levo. Auto-gen or upload, Levo simplifies API security testing." +title: Import APIs for Zero-Config Testing | Levo.ai Documentation --- diff --git a/docs/guides/security-testing/test-your-app/testing-your-own-apps.md b/docs/guides/security-testing/test-your-app/testing-your-own-apps.md index 9adff397e..bd45d31db 100644 --- a/docs/guides/security-testing/test-your-app/testing-your-own-apps.md +++ b/docs/guides/security-testing/test-your-app/testing-your-own-apps.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +title: "API Security Testing: DIY Guide for Your Apps" --- # How do I use Levo with my own applications? diff --git a/docs/install-api-portal.mdx b/docs/install-api-portal.mdx index 2125c42c7..25a804cf6 100644 --- a/docs/install-api-portal.mdx +++ b/docs/install-api-portal.mdx 
@@ -55,14 +55,11 @@ By leveraging Levo's API Portal, developers can gain deep insights into their AP ```bash docker run --rm --name=levoai-api-portal \ --e REFRESH_TOKEN='' -e APP_NAME='' \ --e ENV_NAME='' -e LEVO_ORG_ID='' \ --p 8000:80 levoai/api-portal:latest +-e REFRESH_TOKEN='' -e LEVO_ORG_ID='' \ +-p 8080:8080 levoai/api-portal:latest ``` - > ##### **_NOTE:_** -> ##### * Default `ENV_NAME` environment value is `staging`. > ##### * If user is part of multiple orgs, you would have to add `-e LEVO_ORG_ID='` otherwise optional. > ##### * If you are running for an app from Levo's India Saas instance, add this environment variable `-e LEVO_BASE_URL='https://api.india-1.levo.ai'`. @@ -80,7 +77,7 @@ docker run --rm --name=levoai-api-portal \ - Add Levo Helm repo ```bash -helm repo add levoai https://levoai.github.io/helm-charts/ +helm repo add levoai https://charts.levo.ai && helm repo update levoai ``` - Run following command to install the API Portal Helm Chart @@ -88,22 +85,19 @@ helm repo add levoai https://levoai.github.io/helm-charts/ ```bash helm install levoai-api-portal levoai/levoai-api-portal \ --set levoAuthKey="your_auth_key" \ ---set levoAppName="your_app_name" \ ---set levoEnvName="your_env_name" \ --set levoOrgId="your_org_id" ``` > ##### **_NOTE:_** -> ##### * Default `ENV_NAME` environment value is `staging`. > ##### * If user is part of multiple orgs, you would have to add `-e LEVO_ORG_ID=''` otherwise optional. > ##### * If you are running for an app from Levo's India Saas instance, add this environment variable `-e LEVO_BASE_URL='https://api.india-1.levo.ai'`.
-- Port forward and navigate to `http://localhost:8000` to view the API docs. +- Port forward and navigate to `http://localhost:8000` to view the API docs or setup LoadBalancer as per your requirements. ```bash -kubectl port-forward services/levoai-api-portal 8000:80 +kubectl port-forward services/levoai-api-portal 8080:80 ``` ### Install via Terraform diff --git a/docs/install-code-analysis-tools.md b/docs/install-code-analysis-tools.md index 0e10f88af..684d70387 100644 --- a/docs/install-code-analysis-tools.md +++ b/docs/install-code-analysis-tools.md @@ -1,5 +1,6 @@ --- sidebar_position: 6 +description: Install Levo.ai code analysis tools with our comprehensive guide. Enhance your API security with easy setup and detailed instructions. --- # Install Code Analysis Tools diff --git a/docs/install-log-parsing-sensors.md b/docs/install-log-parsing-sensors.md deleted file mode 100644 index 2c48fb9a8..000000000 --- a/docs/install-log-parsing-sensors.md +++ /dev/null 
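Review bot: The port-forward command now maps `8080:80`, but the bullet above it still sends the reader to `http://localhost:8000`, so following the step as written ends in a refused connection. The bullet should read `http://localhost:8080`. The `docker run` hunk earlier in this file publishes `-p 8080:8080` on every host interface. If the portal is only meant to be viewed from the same machine, `-p 127.0.0.1:8080:8080` keeps the API documentation off the network. This section continues past the hunk into the Terraform instructions.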
@@ -1,70 +0,0 @@ ---- -sidebar_position: 5 ---- - -# Install Log Parsing Sensors - -## Access Logs Based Instrumentation - -### i. Pre-requisites -- Satellite has been successfully installed. -- You have noted down the Satellite's `hostname:port` or `ip-address:port` information. -- The Satellite is reachable (via HTTP/s) from the location where you are going to install the log-parser. - -## ii. Pick an `Application Name` -Auto discovered API endpoints and their OpenAPI specifications are shown in the [API Catalog](/guides/security-testing/concepts/api-catalog), grouped under an application name. The application name helps segregate and group API endpoints from different environments, similar to how file folders work in an operating system. - -Pick a descriptive name which will be used in the subsequent step below. For example: `my-test-app`. - -## iii. Follow instructions for your platform -Follow instructions for your specific platform/method below: -- [Install on Linux host via Docker](#install-on-linux-host-via-docker) - ------------------------------------------------------------------------ - -## Install on Linux host via Docker - -### Prerequisites -- Docker Engine version `18.03.0` and above - -### 1. Install Log Parser - -> If you are installing the Satellite and Log Parser on the ***same*** Linux host, please do ***NOT*** use `localhost` as the hostname below. Use the Linux host's `IP address`, or `domain name` instead. This is required as the Log Parser runs inside a Docker container, and `localhost` resolves to the Log Parser container's IP address, instead of the Linux host. - -```bash -# Replace '' with the values you noted down from the Satellite install -# -# Specify below the 'APP_NAME'. Do not quote the 'APP_NAME'. -# Environment Name is optional. 
If not specified, it defaults to 'staging' -# -docker run --rm -d --name=log-parser \ - -v ./logs:/mnt/levo/logs \ - -e LEVO_SATELLITE_URL= \ - -e LEVOAI_ORG_ID= \ - -e APP_NAME= \ - -e ENV_NAME= \ - levoai/log-parser -``` - -#### NOTE: -- The default address for the satellite in Docker-based Log Parser installations is `https://satellite.levo.ai`. -- In case of levo hosted satellite, it is necessary that you must also specify an organization ID (`LEVOAI_ORG_ID`). -- If you wish, you may also host the Satellite yourself and specify the address of the satellite to direct the Log Parser's data to it. - -### 2. Verify connectivity with Satellite -Execute the following command to check for connectivity health: - -```bash -# Please specify the actual container name for log-parser below -docker logs log-parser | grep "starting fluentd" -``` -If connectivity is healthy, you should see output similar to below. - -```bash -2024-02-22 01:27:06 +0000 [info]: starting fluentd-1.16.3 pid=7 ruby="3.2.2" -2024-02-22 01:27:06 +0000 [info]: #0 starting fluentd worker pid=16 ppid=7 worker=0 -2024-02-22 01:27:06.831947051 +0000 fluent.info: {"pid":16,"ppid":7,"worker":0,"message":"starting fluentd worker pid=16 ppid=7 worker=0"} -``` - -Please proceed to the next step, if there are no errors. - diff --git a/docs/install-log-parsing-sensors/_category_.json b/docs/install-log-parsing-sensors/_category_.json new file mode 100644 index 000000000..fb44ef197 --- /dev/null +++ b/docs/install-log-parsing-sensors/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "Install Log Parsing Sensors", + "position": 5 +} diff --git a/docs/install-log-parsing-sensors/install-log-parsing-sensors.mdx b/docs/install-log-parsing-sensors/install-log-parsing-sensors.mdx new file mode 100644 index 000000000..2e8f9b52e --- /dev/null +++ b/docs/install-log-parsing-sensors/install-log-parsing-sensors.mdx 
@@ -0,0 +1,211 @@ +--- +sidebar_position: 0 +--- + +# Install Log Parsing Sensors + +import BrowserOnly from '@docusaurus/BrowserOnly'; + +export function Download() { + return ( + Loading...}> + {() => ( + Download + )} + + ); +} + + +## Access Logs Based Instrumentation + +### i. Pre-requisites +- Satellite has been successfully installed. +- You have noted down the Satellite's `hostname:port` or `ip-address:port` information. +- The Satellite is reachable (via HTTP/s) from the location where you are going to install the log-parser. + +### Approaches +- For below log formats proceed with [Approach 1](#approach-1). + - Nginx + - Apache + - Azure API Gateway + +- For below log formats proceed with [Approach 2](#approach-2). + - CEF + +> Note: For instrumenting [Imperva WAF - Incapsula](https://www.imperva.com/products/web-application-firewall-waf/) logs that are stored on Amazon S3 Bucket, please proceed with [Approach 2](#approach-2). + +----------------------------------------------------------------------- + +## Approach 1 +### Follow instructions for your platform +- [Install on Linux host via Docker](#install-on-linux-host-via-docker-approach-1) + + +### Install on Linux host via Docker {#install-on-linux-host-via-docker-approach-1} + +#### Prerequisites +- Docker Engine version `18.03.0` and above +- Pick an `Application Name` + Auto discovered API endpoints and their OpenAPI specifications are shown in the [API Catalog](/guides/security-testing/concepts/api-catalog), grouped under an application name. The application name helps segregate and group API endpoints from different environments, similar to how file folders work in an operating system. +
Pick a descriptive name which will be used in the subsequent step below. For example: `my-test-app`. + +#### Installation +```bash +# Replace '' with the values you noted down from the Satellite install +# +# Specify below the 'APP_NAME'. Do not quote the 'APP_NAME'. +# Environment Name is optional. If not specified, it defaults to 'staging' +# +docker run --rm -d --name=log-parser \ + -v ./logs:/mnt/levo/logs \ + -e LEVO_SATELLITE_URL= \ + -e LEVOAI_ORG_ID= \ + -e APP_NAME= \ + -e ENV_NAME= \ + levoai/log-parser +``` + +> NOTE: +- The default address for the satellite in Docker-based Log Parser installations is `https://satellite.levo.ai`. +- In case of levo hosted satellite, it is necessary that you must also specify an organization ID (`LEVOAI_ORG_ID`). +- If you wish, you may also host the Satellite yourself and specify the address of the satellite to direct the Log Parser's data to it. + +#### 2. Verify connectivity with Satellite +Execute the following command to check for connectivity health: + +```bash +# Please specify the actual container name for log-parser below +docker logs log-parser | grep "starting fluentd" +``` +If connectivity is healthy, you should see output similar to below. + +```bash +2024-02-22 01:27:06 +0000 [info]: starting fluentd-1.16.3 pid=7 ruby="3.2.2" +2024-02-22 01:27:06 +0000 [info]: #0 starting fluentd worker pid=16 ppid=7 worker=0 +2024-02-22 01:27:06.831947051 +0000 fluent.info: {"pid":16,"ppid":7,"worker":0,"message":"starting fluentd worker pid=16 ppid=7 worker=0"} +``` + +Please proceed to the next step, if there are no errors. + +## Approach 2 + +- [Install on Linux host via Docker](#install-on-linux-host-via-docker) +- [Install on Kubernetes via Helm](#install-on-kubernetes-via-helm) + +### Install on Linux host via Docker + +#### 1. Prerequisites +- Docker Engine version `18.03.0` and above. + +#### 2. Installation steps +- the docker-compose and configuration files. 
+- Run below command to install log-parser containers filebeat and logstash. +```bash +docker compose up -d +``` + +#### 3. Verify the installation +- Verify the installation by checking the logs of the containers. +```bash +docker ps -f name=levoai +``` +- View the logs of the container by running below command. +```bash +docker logs -f levoai-logstash +docker logs -f levoai-filebeat +``` + +#### 4. Uninstallation steps +- Clean up the containers by running below command. +```bash +docker compose down +docker volume rm log-parser_filebeat-data log-parser_logstash-queue && rm -rf filebeat/data/ && rm -rf logstash/data/ +``` + +### Install on Kubernetes via Helm + +#### 1. Prerequisites +- Kubernetes version >= `v1.18.0` +- [Helm v3](https://helm.sh/docs/intro/install/) installed and working. +- The Kubernetes cluster API endpoint should be reachable from the machine you are running Helm. +- `kubectl` access to the cluster, with `cluster-admin` permissions. +- At least 4 CPUs +- At least 8 GB RAM + +#### 2. Add levoai Helm repo +```bash +helm repo add levoai https://charts.levo.ai && helm repo update levoai +``` + +#### 3. Installation steps +- Create secret for `aws-credentials` with your AWS credentials which has access to the S3 bucket. +```bash +kubectl apply -f aws-credentials.yaml +``` + +```bash + # aws-credentials.yaml + apiVersion: v1 + kind: Secret + metadata: + name: aws-credentials + labels: + app: levoai-filebeat + app.kubernetes.io/name: aws-credentials-secret + type: Opaque + data: + aws-bucket-arn: "> + aws-access-key-id: + aws-secret-access-key: + aws-default-region: +``` + +- Run the below command to install the log-parser containers in `levoai` namespace. +```bash +helm upgrade --install -n levoai --create-namespace levoai-log-parser levoai/levoai-log-parser --set global.levoaiOrgId= +``` + +:::info +By default this will send all the logs to satellite running in the same namespace. 
+If you want to send logs to a different satellite, you can specify the satellite URL using `--set global.levoaiSatelliteUrl=`.
+In case of levo hosted satellite, use satellite url as `https://collector.levo.ai`. +::: + +#### 4. Verify the installation + +Check the status of the pods by running below command. +```bash +kubectl get pods -n levoai +``` +If the `levoai-log-parser` helm is healthy, you should see output similar to below. +```bash +NAME READY STATUS RESTARTS AGE +levoai-filebeat-6bbf84d957-c44kh 1/1 Running 0 104s +levoai-logstash-77775d78c-q7cgm 1/1 Running 0 104s +``` +Check the status of the services by running below command. +```bash +kubectl get services -n levoai +``` +If the `levoai-logstash` service is healthy, you should see output similar to below. +```bash +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +levoai-logstash ClusterIP 10.0.81.244 5044/TCP 120s +``` + +#### 5. Uninstallation steps +- Run the below command to uninstall the services. +```bash +helm uninstall levoai-log-parser +``` +```bash +kubectl delete secret aws-credentials -n levoai +``` + + +--- + +### Need Help? +For further assistance, please reach out to [Levo.ai Support](mailto:support@levo.ai). + diff --git a/docs/install-satellite/install-satellite.md b/docs/install-satellite/install-satellite.md index 57ac3303c..4f1e0daac 100644 --- a/docs/install-satellite/install-satellite.md +++ b/docs/install-satellite/install-satellite.md 
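Review bot: The Kubernetes steps in Approach 2 create the `aws-credentials` Secret with `kubectl apply -f aws-credentials.yaml` and no namespace, while the chart is installed with `-n levoai` and the uninstall step deletes the Secret from `levoai`. As written, the Secret lands in the current context's namespace, where the log-parser pods presumably cannot mount it. Use `kubectl apply -n levoai -f aws-credentials.yaml` once the namespace exists, and `helm uninstall -n levoai levoai-log-parser` for removal. The manifest puts the values under `data:`, which only accepts base64-encoded strings; either say so or switch the key to `stringData:`. Because these are long-lived AWS access keys, the guide should state that the IAM identity needs read access to that one bucket only, and the `cluster-admin` prerequisite deserves a justification or a narrower role.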
@@ -22,19 +22,30 @@ The Satellite uses an authorization key to access Levo.ai. - [Login](https://app.levo.ai/login) to Levo.ai. - Click on your user profile. -- Click on `User Settings` -- Click on `Keys` on the left navigation panel -- Click on `Get Satellite Authorization Key` +- Click on `User Settings`. +- Click on `Keys` on the left navigation panel. +- Click on `Get Satellite Authorization Key`. Copy your authorization key. This key is required in subsequent steps below. +## 3. Copy `Organization ID` from Levo.ai -## 3. Follow instructions for your platform -- [Install on Kubernetes](satellite-kubernetes.md) +The Satellite uses an organization ID to authenticate incoming requests. + +- [Login](https://app.levo.ai/login) to Levo.ai. +- Click on your user profile. +- Click on `User Settings`. +- Click on `Organizations` on the left navigation panel. +- Click on `Copy` button to copy the Organization ID. + + +## 4. Follow instructions for your platform +- [Install on Kubernetes](satellite-kubernetes.mdx) - [Install on Linux host via Docker Compose](satellite-docker.mdx) - [Install in AWS EC2 using Levo Satellite AMI](satellite-ami-aws-ec2.mdx) - [Install in AWS EKS](satellite-aws-eks.md) - [Install in AWS EKS using EC2](satellite-aws-ecs.mdx) - [Install in AWS EKS using Fargate](satellite-aws-eks-fargate.md) - [Install in AWS ECS](satellite-aws-ecs.mdx) +- [Install on Windows](satellite-windows.mdx) diff --git a/docs/install-satellite/satellite-aws-ecs.mdx b/docs/install-satellite/satellite-aws-ecs.mdx index 2648d05ed..470401745 100644 --- a/docs/install-satellite/satellite-aws-ecs.mdx +++ b/docs/install-satellite/satellite-aws-ecs.mdx @@ -1,5 +1,6 @@ --- sidebar_position: 6 +description: Set up Levo.ai Satellite on AWS ECS with our detailed guide. Ensure robust API security through comprehensive installation and deployment instructions. --- import BrowserOnly from '@docusaurus/BrowserOnly'; 
@@ -52,215 +53,215 @@ export function DownloadMainTF() { { "family": "levoai-satellite", "containerDefinitions": [ -{ - "name": "levoai-satellite", - "image": "levoai/satellite", - "cpu": 0, - "portMappings": [ -{ - "name": "levoai-satellite-9999-tcp", - "containerPort": 9999, - "hostPort": 9999, - "protocol": "tcp", - "appProtocol": "http" -} - ], - "essential": true, - "command": [ - "-w", - "1", - "-b", - "0.0.0.0:9999", - "--worker-class", - "gevent", - "--worker-connections", - "30", - "levoai_e7s.satellite.satellite:create_server()" - ], - "environment": [ -{ - "name": "LEVOAI_DEBUG_SERVER_HOST", - "value": "host.docker.internal" -}, -{ - "name": "LEVOAI_ORG_ID", - "value": "899590a5-0cca-47f3-915d-31e8a0d2386a" -}, -{ - "name": "LEVOAI_MODE", - "value": "docker-compose" -}, -{ - "name": "LEVOAI_CONF_OVERRIDES", - "value": "value": "{\"onprem-api\": {\"url\": \"${LEVOAI_BASE_URL}\", \"refresh-token\": \"${LEVOAI_AUTH_KEY}\", \"org-id\": \"${LEVOAI_ORG_ID:-}\", \"org-prefix\": \"${LEVOAI_ORG_PREFIX:-}\"},\"traces_queue\": {\"type\": \"sqs\"}}" -}, -{ - "name": "LEVOAI_DEBUG_ENABLED", - "value": "false" -}, -{ - "name": "LEVOAI_AUTH_KEY", - "value": "INSERT YOUR LEVO.AI AUTH KEY HERE" -}, -{ - "name": "LEVOAI_BASE_URL", - "value": "https://api.levo.ai" -}, -{ - "name": "LEVOAI_LOG_LEVEL", - "value": "INFO" -}, -{ - "name": "LEVOAI_DEBUG_PORT", - "value": "12345" -} - ], - "mountPoints": [], - "volumesFrom": [], - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-create-group": "true", - "awslogs-group": "/ecs/satellite", - "awslogs-region": "< INSERT YOUR AWS REGION HERE >", - "awslogs-stream-prefix": "ecs" -} -} -}, -{ - "name": "levoai-tagger", - "image": "levoai/satellite", - "cpu": 0, - "portMappings": [], - "essential": true, - "entryPoint": [ - "python", - "-OO" - ], - "command": [ - "/opt/levoai/e7s/src/python/levoai_e7s/tag_server.py" - ], - "environment": [ -{ - "name": "LEVOAI_DEBUG_SERVER_HOST", - "value": 
"host.docker.internal" -}, -{ - "name": "LEVOAI_ORG_ID", - "value": "INSERT YOUR AWS REGION HERE", -}, -{ - "name": "LEVOAI_MODE", - "value": "docker-compose" -}, -{ - "name": "LEVOAI_CONF_OVERRIDES", - "value": "{\"onprem-api\":{\"url\": \"${LEVOAI_BASE_URL}\",\"refresh-token\":\"${LEVOAI_AUTH_KEY}\",\"org-id\": \"${LEVOAI_ORG_ID}\",\"org-prefix\": \"${LEVOAI_ORG_PREFIX}\"},\"url_clusterer_id_len\": 1,\"min_urls_required_per_pattern\": 10,\"dynamic_url_threshold_factor\": 0.5,\"cookie_auth_keys\": \"${LEVOAI_COOKIE_AUTH_KEYS:-}\",\"disable_ml_detector\": true,\"service_naming\":{\"strategies\": \"KUBERNETES_METADATA,HOST_HEADER,DEFAULT\"},\"user_resolvers\": [],\"sample_collection\":{\"enabled\": true,\"max_samples_per_end_point\": 2,\"users\": []},\"tagger_batch_interval_minute\": 5,\"api_rule_evaluation\":{\"enabled\": true},\"ion\":{\"url\": \"http://levoai-ion:8000\"},\"enable_ssl_cert_checks\": true,\"sensitive_data_config\": [],\"traces_queue\":{\"type\": \"sqs\"}}" -}, -{ - "name": "PI_DETECTOR_DATA_DIR", - "value": "/opt/levoai/datasets/" -}, -{ - "name": "LEVOAI_DEBUG_ENABLED", - "value": "false" -}, -{ - "name": "LEVOAI_AUTH_KEY", - "value": "INSERT YOUR LEVO.AI AUTH KEY HERE" -}, -{ - "name": "LEVOAI_BASE_URL", - "value": "https://api.levo.ai" -}, -{ - "name": "LEVOAI_LOG_LEVEL", - "value": "INFO" -}, -{ - "name": "LEVOAI_DEBUG_PORT", - "value": "1234" -} - ], - "mountPoints": [], - "volumesFrom": [], - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-create-group": "true", - "awslogs-group": "/ecs/satellite", - "awslogs-region": "INSERT YOUR AWS REGION HERE", - "awslogs-stream-prefix": "ecs" -} -} -}, -{ - "name": "levoai-collector", - "image": "levoai/collector", - "cpu": 0, - "portMappings": [ -{ - "name": "levoai-collector-4317-tcp", - "containerPort": 4317, - "hostPort": 4317, - "protocol": "tcp", - "appProtocol": "http" -} - ], - "essential": true, - "environment": [], - "mountPoints": [], - "volumesFrom": [], - 
"logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-create-group": "true", - "awslogs-group": "/ecs/satellite", - "awslogs-region": "INSERT YOUR AWS REGION HERE", - "awslogs-stream-prefix": "ecs" -} -} -}, -{ - "name": "levoai-ion", - "image": "levoai/ion", - "cpu": 0, - "portMappings": [ -{ - "name": "levoai-ion-8000-tcp", - "containerPort": 8000, - "hostPort": 8000, - "protocol": "tcp", - "appProtocol": "http" -} - ], - "essential": false, - "environment": [], - "mountPoints": [], - "volumesFrom": [], - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-create-group": "true", - "awslogs-group": "/ecs/satellite", - "awslogs-region": "INSERT YOUR AWS REGION HERE", - "awslogs-stream-prefix": "ecs" -} -} -} + { + "name": "levoai-satellite", + "image": "levoai/satellite", + "cpu": 0, + "portMappings": [ + { + "name": "levoai-satellite-9999-tcp", + "containerPort": 9999, + "hostPort": 9999, + "protocol": "tcp", + "appProtocol": "http" + } + ], + "essential": true, + "command": [ + "-w", + "1", + "-b", + "0.0.0.0:9999", + "--worker-class", + "gevent", + "--worker-connections", + "30", + "levoai_e7s.satellite.satellite:create_server()" + ], + "environment": [ + { + "name": "LEVOAI_DEBUG_SERVER_HOST", + "value": "host.docker.internal" + }, + { + "name": "LEVOAI_ORG_ID", + "value": "899590a5-0cca-47f3-915d-31e8a0d2386a" + }, + { + "name": "LEVOAI_MODE", + "value": "docker-compose" + }, + { + "name": "LEVOAI_CONF_OVERRIDES", + "value": "{\"onprem-api\": {\"url\": \"${LEVOAI_BASE_URL}\", \"refresh-token\": \"${LEVOAI_AUTH_KEY}\", \"org-id\": \"${LEVOAI_ORG_ID:-}\", \"org-prefix\": \"${LEVOAI_ORG_PREFIX:-}\"},\"traces_queue\": {\"type\": \"sqs\"}}" + }, + { + "name": "LEVOAI_DEBUG_ENABLED", + "value": "false" + }, + { + "name": "LEVOAI_AUTH_KEY", + "value": "INSERT YOUR LEVO.AI AUTH KEY HERE" + }, + { + "name": "LEVOAI_BASE_URL", + "value": "https://api.levo.ai" + }, + { + "name": "LEVOAI_LOG_LEVEL", + "value": "INFO" + }, + { + 
"name": "LEVOAI_DEBUG_PORT", + "value": "12345" + } + ], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/satellite", + "awslogs-region": "< INSERT YOUR AWS REGION HERE >", + "awslogs-stream-prefix": "ecs" + } + } + }, + { + "name": "levoai-tagger", + "image": "levoai/satellite", + "cpu": 0, + "portMappings": [], + "essential": true, + "entryPoint": [ + "python", + "-OO" + ], + "command": [ + "/opt/levoai/e7s/src/python/levoai_e7s/tag_server.py" + ], + "environment": [ + { + "name": "LEVOAI_DEBUG_SERVER_HOST", + "value": "host.docker.internal" + }, + { + "name": "LEVOAI_ORG_ID", + "value": "INSERT YOUR AWS REGION HERE" + }, + { + "name": "LEVOAI_MODE", + "value": "docker-compose" + }, + { + "name": "LEVOAI_CONF_OVERRIDES", + "value": "{\"onprem-api\":{\"url\": \"${LEVOAI_BASE_URL}\",\"refresh-token\":\"${LEVOAI_AUTH_KEY}\",\"org-id\": \"${LEVOAI_ORG_ID}\",\"org-prefix\": \"${LEVOAI_ORG_PREFIX}\"},\"url_clusterer_id_len\": 1,\"min_urls_required_per_pattern\": 10,\"dynamic_url_threshold_factor\": 0.5,\"cookie_auth_keys\": \"${LEVOAI_COOKIE_AUTH_KEYS:-}\",\"disable_ml_detector\": true,\"service_naming\":{\"strategies\": \"KUBERNETES_METADATA,HOST_HEADER,DEFAULT\"},\"user_resolvers\": [],\"sample_collection\":{\"enabled\": true,\"max_samples_per_end_point\": 2,\"users\": []},\"tagger_batch_interval_minute\": 5,\"api_rule_evaluation\":{\"enabled\": true},\"ion\":{\"url\": \"http://levoai-ion:8000\"},\"enable_ssl_cert_checks\": true,\"sensitive_data_config\": [],\"traces_queue\":{\"type\": \"sqs\"}}" + }, + { + "name": "PI_DETECTOR_DATA_DIR", + "value": "/opt/levoai/datasets/" + }, + { + "name": "LEVOAI_DEBUG_ENABLED", + "value": "false" + }, + { + "name": "LEVOAI_AUTH_KEY", + "value": "INSERT YOUR LEVO.AI AUTH KEY HERE" + }, + { + "name": "LEVOAI_BASE_URL", + "value": "https://api.levo.ai" + }, + { + "name": "LEVOAI_LOG_LEVEL", + "value": "INFO" + }, + { 
+ "name": "LEVOAI_DEBUG_PORT", + "value": "1234" + } + ], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/satellite", + "awslogs-region": "INSERT YOUR AWS REGION HERE", + "awslogs-stream-prefix": "ecs" + } + } + }, + { + "name": "levoai-collector", + "image": "levoai/collector", + "cpu": 0, + "portMappings": [ + { + "name": "levoai-collector-4317-tcp", + "containerPort": 4317, + "hostPort": 4317, + "protocol": "tcp", + "appProtocol": "http" + } + ], + "essential": true, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/satellite", + "awslogs-region": "INSERT YOUR AWS REGION HERE", + "awslogs-stream-prefix": "ecs" + } + } + }, + { + "name": "levoai-ion", + "image": "levoai/ion", + "cpu": 0, + "portMappings": [ + { + "name": "levoai-ion-8000-tcp", + "containerPort": 8000, + "hostPort": 8000, + "protocol": "tcp", + "appProtocol": "http" + } + ], + "essential": false, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/satellite", + "awslogs-region": "INSERT YOUR AWS REGION HERE", + "awslogs-stream-prefix": "ecs" + } + } + } ], "taskRoleArn": "INSERT THE ARN OF THE ROLE YOU WANT TO ASSIGN TO THIS TASK HERE", "executionRoleArn": "INSERT THE ARN OF THE ROLE YOU WANT TO ASSIGN TO THIS TASK HERE", "networkMode": "awsvpc", "requiresCompatibilities": [ - "FARGATE" + "FARGATE" ], "cpu": "4096", "memory": "8192", "runtimePlatform": { - "cpuArchitecture": "X86_64", - "operatingSystemFamily": "LINUX" -} + "cpuArchitecture": "X86_64", + "operatingSystemFamily": "LINUX" + } } ``` :::info 
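Review bot: `LEVOAI_AUTH_KEY` is still passed as a plaintext `environment` entry in both the `levoai-satellite` and `levoai-tagger` container definitions, so the key is stored in the task definition and readable by anyone allowed to describe it. ECS container definitions accept a `secrets` array for this, e.g. `"secrets": [{"name": "LEVOAI_AUTH_KEY", "valueFrom": "<ARN of your Secrets Manager secret or SSM parameter>"}]`, with the execution role granted read access to that secret. Separately, the `levoai-satellite` container keeps a literal UUID as its `LEVOAI_ORG_ID` value, and the `levoai-tagger` container's `LEVOAI_ORG_ID` placeholder reads `INSERT YOUR AWS REGION HERE`; both should be an org-ID placeholder such as `"value": "INSERT YOUR LEVO.AI ORG ID HERE"`.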
diff --git a/docs/install-satellite/satellite-aws-eks-fargate.md b/docs/install-satellite/satellite-aws-eks-fargate.md index 3bed380c9..50748a220 100644 --- a/docs/install-satellite/satellite-aws-eks-fargate.md +++ b/docs/install-satellite/satellite-aws-eks-fargate.md @@ -82,7 +82,7 @@ The `--role` argument sets the correct role and policies so that seemless access ### 4. Install the satellite -Please follow the instructions in the [Install on Kubernetes](satellite-kubernetes.md) section to install the Satellite. +Please follow the instructions in the [Install on Kubernetes](satellite-kubernetes.mdx) section to install the Satellite. Please ensure that you note down the address of the collector. diff --git a/docs/install-satellite/satellite-aws-eks.md b/docs/install-satellite/satellite-aws-eks.md index b75964b95..5c9677a61 100644 --- a/docs/install-satellite/satellite-aws-eks.md +++ b/docs/install-satellite/satellite-aws-eks.md @@ -166,7 +166,7 @@ eksctl create addon --name aws-ebs-csi-driver --cluster ${CLUSTER_NAME} --region ### 5. Install the satellite -Please follow the instructions in the [Install on Kubernetes](satellite-kubernetes.md) section to install the Satellite. +Please follow the instructions in the [Install on Kubernetes](satellite-kubernetes.mdx) section to install the Satellite. Please ensure that you note down the address of the collector. diff --git a/docs/install-satellite/satellite-docker.mdx b/docs/install-satellite/satellite-docker.mdx index dcbc90068..039434a59 100644 --- a/docs/install-satellite/satellite-docker.mdx +++ b/docs/install-satellite/satellite-docker.mdx @@ -1,9 +1,11 @@ --- sidebar_position: 2 +description: Set up Levo.ai Satellite on Docker. Follow our detailed guide for installation and deployment to enhance API security in Docker environments. --- - # Satellite via Docker +## Section: 1 + import BrowserOnly from '@docusaurus/BrowserOnly'; export function DownloadDockerComposeLink() { 
@@ -14,6 +16,16 @@ export function DownloadDockerComposeLink() { )} ); +}; + +export function DownloadShellScriptLink() { + return ( + Loading...}> + {() => ( + levo_satellite.sh + )} + + ); } ### Prerequisites @@ -57,7 +69,7 @@ docker compose pull && docker compose up -d The Satellite is comprised of four sub components 1) levoai-collector, 2) levoai-rabbitmq, 3)levoai-satellite, and 4) levoai-tagger. -Wait couple of minutes after the install, and check the health of the components by executing the following: +Wait a couple of minutes after the installation, and check the health of the components by executing the following: ```bash docker ps -f name=levoai @@ -88,7 +100,7 @@ If connectivity is healthy, you will see output similar to below. ### 4. Note down `Host:Port` information The Collector now runs in a container, and is reachable on the host via port 4317 (on all the host's network interfaces). -Please note down the either the host's IP address or domain name. The Sensor will be configured to communicate with the Collector at :4317. +Please note down either the host's IP address or domain name. The Sensor will be configured to communicate with the Collector at :4317. Please proceed to [install traffic capture sensors](/install-traffic-capture-sensors). @@ -96,6 +108,13 @@ Please proceed to [install traffic capture sensors](/install-traffic-capture-sen ## Satellite Lifecycle Management + +### Upgrade the Satellite +1. Navigate to directory where you have the Docker Compose file. +2. [Reinstall](#2-install-satellite) the Satellite. The install always *pulls* the latest Docker images for the Satellite. + +> **Note**: If the re-installation fails, please [Uninstall](#uninstall-the-satellite) the Satellite and then reinstall. + ### Uninstall the Satellite Ensure you are in the same directory where you downloaded the . 
@@ -105,22 +124,6 @@ Execute the below command: docker compose down --remove-orphans -v ``` -### Upgrade the Satellite -1. [Uninstall](#uninstall-the-satellite) the Satellite -2. [Reinstall](#2-install-satellite) the Satellite. The install always *pulls* the latest Docker images for the Satellite. - - -### Change the `minimum number of URLs` that the satellite needs to observe to detect an API endpoint. -To detect an API endpoint, Satellite waits for at least '10' URLs to match that endpoint URL pattern. -This number may cause delays in detecting API endpoints when there is not enough load. - -If you want to change this number to suit your environment: -- export the environment variable `LEVOAI_MIN_URLS_PER_PATTERN` - for example : - `export LEVOAI_MIN_URLS_PER_PATTERN=3` - -- Reinstall the Satellite to pickup the new configuration - - ### List Satellite's containers ```bash docker ps | grep -E 'levoai/collector|bitnami/rabbitmq|levoai/satellite|levoai/tagger' @@ -141,6 +144,19 @@ docker logs -f docker logs --since 1m ``` +---- + +## Configuration + +### Change the `minimum number of URLs` that the satellite needs to observe to detect an API endpoint. +To detect an API endpoint, Satellite waits for at least '10' URLs to match that endpoint URL pattern. +This number may cause delays in detecting API endpoints when there is not enough load. + +If you want to change this number to suit your environment: +- Export the environment variable `LEVOAI_MIN_URLS_PER_PATTERN` - for example : `export LEVOAI_MIN_URLS_PER_PATTERN=3` + +- Reinstall the Satellite to pickup the new configuration + ------------------------------------------------------------------ ### Troubleshooting 
@@ -181,4 +197,99 @@ docker logs levoai-tagger | grep "ConnectionRefusedError: [Errno 111] Connection If there are exception messages, Tagger is unable to connect to dependent services. It generally establishes connection after 3/4 retries. Please contact support@levo.ai for further assistance. +------------------------------------------------------------------------------------ + +## Section: 2 + +## Install on Docker using Shell Script + +### 1. Download Shell Script File +Levo provides Shell Script file for the Satellite that can be installed via Docker. + +Download script file to your desktop. + +### 2. Install Satellite + +Permissions: Ensure the script has executable permissions. + +Otherwise, run the following command to add executable permissions. + +```bash +chmod +x ./levo_satellite.sh +``` + +Set the following environment variables. +```bash +export LEVOAI_AUTH_KEY='Authorization Key' +export LEVOAI_ORG_ID='Org ID' +``` + +:::info + +Depending on the region you are installing in, you may need to set a different Levo base URL for the satellite. + +For example, if the satellite will be used with `app.india-1.levo.ai`, the installation command will be: + +```bash +export LEVOAI_BASE_URL='https://api.india-1.levo.ai' +``` + +::: + + +#### i. Start Levo Satellite + +Execute following command to start Levo satellite. + +```bash +./levo_satellite.sh start +``` +:::note + +If you are running the script with `sudo`, ensure that the environment variables are also set with `sudo`. Otherwise, the script will not have access to these variables. + +Alternatively, you can use the `-E` flag with `sudo` to preserve the user-defined environment variables, like this: +```bash +sudo -E ./levo_satellite.sh start +``` +This ensures the script can access the required environment variables without explicitly redefining them under sudo. + +::: + +#### ii. Stop the Levo Satellite + +Execute following command to stop or uninstall Levo satellite components. 
+ +```bash +./levo_satellite.sh stop +``` + +#### iii. Restart the Levo Satellite + +To restart the Levo satellite components, execute the following command. + +```bash +./levo_satellite.sh restart +``` + +#### iv. Upgrade the Levo Satellite + +Execute the following command to upgrade the existing satellite setup. + +Running this command will download the latest docker compose file and restarts all the satellite components. + +```bash +./levo_satellite.sh upgrade +``` + +#### v. Share Satellite logs with Levo Support + +Execute the following command to collect logs from all Satellite components. This will create an archive as /tmp/levoai_satellite_logs_%date-time%.tar.gz + +```bash +./levo_satellite.sh get-logs +``` +----------------------- +### Need Help? +For further assistance, please reach out to [Levo.ai Support](mailto:support@levo.ai). \ No newline at end of file diff --git a/docs/install-satellite/satellite-kubernetes.md b/docs/install-satellite/satellite-kubernetes.mdx similarity index 65% rename from docs/install-satellite/satellite-kubernetes.md rename to docs/install-satellite/satellite-kubernetes.mdx index 49d28fad7..4ce1e0c8e 100644 --- a/docs/install-satellite/satellite-kubernetes.md +++ b/docs/install-satellite/satellite-kubernetes.mdx @@ -1,10 +1,25 @@ --- sidebar_position: 1 +description: Install Levo.ai Satellite on Kubernetes. Follow our detailed guide for setup, deployment, and ensuring API security with Levo.ai's comprehensive tools. --- # Satellite on Kubernetes +import BrowserOnly from '@docusaurus/BrowserOnly'; + +export function DownloadGetLogsScript() { + return ( + Loading...}> + {() => ( + download + )} + + ); +} + +## Setup + ### Prerequisites - Kubernetes version >= `v1.18.0` - [Helm v3](https://helm.sh/docs/intro/install/) installed and working. 
@@ -19,9 +34,9 @@ sidebar_position: 1 export LEVOAI_AUTH_KEY=<'Authorization Key'> ``` -### 2. Install levoai Helm repo +### 2. Add levoai Helm repo ```bash -helm repo add levoai https://charts.levo.ai && helm repo update +helm repo add levoai https://charts.levo.ai && helm repo update levoai ``` ### 3. Create `levoai` namespace & install Satellite 
@@ -55,10 +70,62 @@ You will need to expose the Satellite via either a `LoadBalancer` or `NodePort`, # Please modify this command template and choose either 'LoadBalancer' or 'NodePort', prior to execution helm upgrade --install -n levoai --create-namespace \ --set global.levoai_config_override.onprem-api.refresh-token=$LEVOAI_AUTH_KEY \ - --set levoai-collector.service.type= \ + --set haproxy.service.type= \ # --set global.levoai_config_override.onprem-api.url="https://api.india-1.levo.ai" \ levoai-satellite levoai/levoai-satellite ``` +::: + +#### If rabbitmq persistence needs to be disabled +You will need to set rabbitmq.persistence.enabled property to false. + +```bash +helm upgrade --install -n levoai --create-namespace \ + --set global.levoai_config_override.onprem-api.refresh-token=$LEVOAI_AUTH_KEY \ + --set rabbitmq.persistence.enabled=false \ + # --set global.levoai_config_override.onprem-api.url="https://api.india-1.levo.ai" \ + levoai-satellite levoai/levoai-satellite +``` + + +#### Kubernetes related customizations + +##### Add Tolerations, Affinity and Node Selectors + +Tolerations, Affinity and Node Selectors for the Satellite pods may be specified via helm values. For example: + +```yaml +tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: "devops" + operator: "Equal" + value: "dedicated" + effect: "NoSchedule" +nodeSelector:s + kubernetes.io/hostname: "mavros" +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - antarctica-east1 + - antarctica-west1 + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: another-node-label-key + operator: In + values: + - another-node-label-value +``` + + ### 4. Verify connectivity with Levo.ai 
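Review bot: The added values sample has a stray character in `nodeSelector:s`, so the block will most likely fail to parse when pasted; the line should read `nodeSelector:`. Both `helm upgrade` samples in this hunk also keep the commented `# --set global.levoai_config_override.onprem-api.url=...` line inside a backslash-continued command. The shell treats everything after `#` as a comment, including the trailing `\`, so `helm upgrade` ends there without a release name or chart and `levoai-satellite levoai/levoai-satellite` is run as a separate command. Moving the optional flag out of the continuation, for example into a sentence above the code block, keeps the sample runnable as pasted.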
@@ -66,7 +133,7 @@ helm upgrade --install -n levoai --create-namespace \ The Satellite is comprised of five sub components 1) levoai-collector, 2) levoai-ion, 3) levoai-rabbitmq, 4)levoai-satellite, and 5) levoai-tagger. -Wait couple of minutes after the install, and check the health of the components by executing the following: +Wait a couple of minutes after the installation, and check the health of the components by executing the following: ```bash kubectl -n levoai get pods 
@@ -109,6 +176,62 @@ Run the below command and note the `external` address/port of the the Collector ```bash kubectl get service levoai-collector -n levoai ``` + +### 6. Optionally, enable authentication for satellite APIs. +Add below config to `values.yml` file to enable authentication for satellite APIs using a unique key. +Refer to [Accessing Organization IDs](/integrations/common-tasks.md#accessing-organization-ids) for fetching the Organization ID. + +```yaml +global: + levoai_config_override: + onprem-api: + org-id: +haproxy: + satelliteAuthnEnabled: false +``` + +Install satellite using this `values.yml`. + +```bash +helm upgrade --install -n levoai --create-namespace \ + -f ./values.yml \ + --set global.levoai_config_override.onprem-api.refresh-token=$LEVOAI_AUTH_KEY \ + levoai-satellite levoai/levoai-satellite +``` + +Otherwise, you can pass the `org-id` and `authnEnabled` as arguments to the helm command. + +```bash +helm upgrade --install -n levoai --create-namespace \ + --set global.levoai_config_override.onprem-api.refresh-token=$LEVOAI_AUTH_KEY \ + --set global.levoai_config_override.onprem-api.org-id= \ + --set haproxy.authnEnabled=true \ + levoai-satellite levoai/levoai-satellite +``` + +### 7. Optionally, access Satellite through a CNAME and HTTPS +Add below config to `values.yml` file to add an ingress route for Satellite APIs so that it can be accessed through a CNAME and HTTPS. + +```yaml +haproxy: + ingress: + enabled: true + hostname: + ingressClassName: haproxy + pathType: Prefix + extraPaths: + - path: /* + pathType: Prefix + backend: + service: + name: levoai-haproxy + port: + number: 80 +``` + +Please reach out to support@levo.ai if you're using a custom ingress controller. + + Please proceed to [install Traffic Capture Sensors](/install-traffic-capture-sensors). --------------------------------------------------------- 
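Review bot: Step 6 is titled as enabling authentication for the satellite APIs, but the `values.yml` sample sets `satelliteAuthnEnabled: false` under `haproxy`, while the `--set` variant below it uses a different key, `haproxy.authnEnabled=true`. A reader who follows the `values.yml` path would leave authentication off without any error to say so. The two samples should use the same key, whichever one the chart actually reads (not visible in this diff), set to `true`. In step 7 the `extraPaths` entry uses `path: /*` with `pathType: Prefix`; Kubernetes `Prefix` matching does not treat `*` as a wildcard, so `path: /` is presumably what is meant, and the sample shows no TLS settings even though the step promises HTTPS.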
@@ -121,7 +244,7 @@ Please proceed to [install Traffic Capture Sensors](/install-traffic-capture-sen export LEVOAI_AUTH_KEY=<'Authorization Key' from the original installation> # Update helm repo and upgrade installation -helm repo update +helm repo update levoai helm upgrade -n levoai \ --set global.levoai_config_override.onprem-api.refresh-token=$LEVOAI_AUTH_KEY \ @@ -166,7 +289,7 @@ export LEVOAI_AUTH_KEY=<'Authorization Key' from the original installation> export LEVOAI_MIN_URLS_PER_PATTERN=3 # Update helm repo and upgrade installation -helm repo update +helm repo update levoai helm upgrade -n levoai \ --set global.levoai_config_override.onprem-api.refresh-token=$LEVOAI_AUTH_KEY \ @@ -225,5 +348,13 @@ kubectl -n levoai logs | grep "ConnectionRefusedError: [E If there are exception messages, Tagger is unable to connect to dependent services. It generally establishes connection after 3/4 retries. Please contact support@levo.ai for further assistance. -

+### Share Satellite logs with Levo Support + +Please script and execute following commands to collect logs from all Satellite components. This will create an archive as `/tmp/levoai_satellite_logs_%date-time%.tar.gz`. + +```bash +chmod +x get_levoai_satellite_logs.sh +./get_levoai_satellite_logs.sh +``` +

\ No newline at end of file diff --git a/docs/install-satellite/satellite-windows.mdx b/docs/install-satellite/satellite-windows.mdx new file mode 100644 index 000000000..69bc35cf9 --- /dev/null +++ b/docs/install-satellite/satellite-windows.mdx 
@@ -0,0 +1,90 @@
+---
+sidebar_position: 7
+description: Set up Levo.ai Satellite on Windows.
+---
+
+# Satellite on Windows
+
+import BrowserOnly from '@docusaurus/BrowserOnly';
+
+export function DownloadDockerComposeLink() {
+ return (
+ Loading...}>
+ {() => (
+ Download
+ )}
+
+ );
+}
+
+### Prerequisites
+- Access to a Windows Machine.
+- At least 4 CPUs and 8 GB of RAM on the Windows Machine.
+- Docker Desktop for Windows installed on the Windows with WSL enabled.
+
+### 1. Download Docker Compose file
+Levo provides pre-built Docker images for the Satellite that can be installed via Docker Compose.
+ the Docker Compose file to your desktop.
+
+### 2. Install Satellite
+
+Set the `LEVOAI_AUTH_KEY` environment variable, please refer to [Generating CLI Authorization Keys](/integrations/common-tasks.md#generating-cli-authorization-keys) for instructions on fetching your key.
+```powershell
+$env:LEVOAI_AUTH_KEY = ""
+```
+Execute the following from the directory where the Docker Compose file was downloaded.
+```powershell
+docker compose pull; docker compose up -d
+```
+
+:::info
+
+Depending on the region you are installing in, you may need to set a different Levo base URL for the satellite.
+
+For example, if the satellite will be used with `app.india-1.levo.ai`, the installation command will be:
+
+```powershell
+$env:LEVOAI_AUTH_KEY = ""
+$env:LEVOAI_BASE_URL = "https://api.india-1.levo.ai"
+docker compose pull; docker compose up -d
+```
+
+:::
+
+> If `docker compose ...` complains with *"docker: 'compose' is not a docker command."*, you have can try **`docker-compose`** instead.
+
+### 3. Verify connectivity with Levo.ai
+
+#### a. Check Satellite health
+
+The Satellite is comprised of six sub components 1) levoai-collector, 2) levoai-rabbitmq, 3)levoai-satellite, and 4) levoai-tagger 5) levoai-ion 6) levoai-haproxy.
+
+Wait a couple of minutes after the installation, and check the health of the components by executing the following:
+
+```bash
+docker ps -f name=levoai
+```
+
+If the Satellite is healthy, you should see output similar to below.
+
+```bash
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+2b32cd6b9ced levoai/collector:stable "/usr/local/bin/levo…" 10 seconds ago Up 8 seconds 0.0.0.0:4317->4317/tcp, 9411/tcp levoai-collector
+06f3c597cad0 levoai/satellite:stable "gunicorn --capture-…" 10 seconds ago Up 9 seconds 0.0.0.0:9999->9999/tcp levoai-satellite
+89026034c567 levoai/satellite:stable "python -OO /opt/lev…" 10 seconds ago Up Less than a second levoai-tagger
+f74524d02fbd bitnami/rabbitmq:3.10 "/opt/bitnami/script…" 10 seconds ago Up 9 seconds 5551-5552/tcp, 0.0.0.0:4369->4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 0.0.0.0:15672->15672/tcp, 0.0.0.0:25672->25672/tcp, 15671/tcp levoai-rabbitmq
+973414e03gba levoai/ion:stable "ion start -verbose" 10 seconds ago Up Less than a second 0.0.0.0:9990->8000/tcp levoai-ion
+cb58d3d8d952 levoai/proxy:latest "docker-entrypoint.s…" 10 seconds ago Up 7 seconds 0.0.0.0:8081->8081/tcp, 0.0.0.0:9080->8080/tcp levoai-haproxy
+```
+
+#### b. Check connectivity
+Execute the following to check for connectivity health:
+
+```bash
+docker logs levoai-tagger | grep "Ready to process; waiting for messages."
+```
+If connectivity is healthy, you will see output similar to below.
+
+```bash
+{"level": "info", "time": "2022-06-07 08:07:22,439", "line": "rabbitmq_client.py:155", "version": "fc628b50354bf94e544eef46751d44945a2c55bc", "module": "/opt/levoai/e7s/src/python/levoai_e7s/satellite/rabbitmq_client.py", "message": "Ready to process; waiting for messages."}
+```
diff --git a/docs/install-traffic-capture-sensors/akamai-edge-worker.md b/docs/install-traffic-capture-sensors/akamai-edge-worker.md
new file mode 100644
index 000000000..6c65301f6
--- /dev/null
+++ b/docs/install-traffic-capture-sensors/akamai-edge-worker.md
@@ -0,0 +1,82 @@
+---
+sidebar_position: 8
+description: Learn how to deploy Levo.ai Akamai Edge Worker with our step-by-step guide to enhance API traffic capture and analysis.
+---
+
+# Akamai Edge Worker
+
+Deploying the Levo.ai Akamai Edge Worker enables advanced API traffic capture and analysis, ensuring seamless integration with your Akamai-powered setup. This guide walks you through the prerequisites, deployment, and configuration of the Edge Worker.
+
+---
+
+## Prerequisites
+
+Before deploying the Edge Worker, ensure the following requirements are met:
+
+- **Akamai DNS Configuration:** Your website’s DNS must be managed through Akamai.
+- **Permissions:** Ensure you have sufficient permissions on Akamai to create and configure edge workers for your property.
+- **Levo Satellite Setup:**
+ - Confirm that the Levo Satellite is set up and is accessible via HTTPS from the EdgeWorker.
+ - Ensure that the Satellite's domain is served through Akamai platform by configuring an A record or a CNAME in Akamai's DNS settings.
+ - Refer to the [Satellite Installation Guide](/install-satellite) for levo.ai satellite setup instructions and [Manage DNS Records](https://techdocs.akamai.com/cloud-computing/docs/manage-dns-records) for DNS configuration in Akamai.
+- **Organization ID:** Obtain your Organization ID from Levo dashboard. Refer to [Accessing Organization ID](/integrations/common-tasks.md#accessing-organization-ids) for details.
+
+## Deploying the Edge Worker
+
+### Using the CLI
+
+Follow the steps below to deploy the EdgeWorker using the CLI.
+
+#### 1. Setup Akamai CLI and Edge Workers
+- **Install Akamai CLI**:
+ - Ensure you have installed [Akamai CLI](https://techdocs.akamai.com/edgeworkers/docs/akamai-cli).
+ - On Windows you may need to add `akamai.exe` location to `Path` environment variable.
+- **Install EdgeWorker CLI**:
+ - Run this command to install the EdgeWorkers CLI `akamai install edgeworkers`.
+- **Set Up Authentication**:
+ - Ensure you have required authentication credentials (e.g., access token and client secret), available on Akamai's **Identity & Access Management** page.
+ - For detailed instructions, refer to [Akamai Setup Authentication Credentials](https://techdocs.akamai.com/developer/docs/set-up-authentication-credentials).
+
+#### 2. Create Edge Worker ID
+- Navigate to **CDN** > **EdgeWorkers** in the Akamai control center.
+- Click **Create EdgeWorker ID** and fill in the required details:
+ - Name for EdgeWorker ID
+ - Resource Tier
+ - other details before
+- Click **Create**.
+- For more details, refer to [Create Akamai Edge Worker ID](https://techdocs.akamai.com/edgeworkers/docs/create-an-edgeworker-id).
+
+#### 3. Setup EdgeWorker
+- Clone the EdgeWorker repository `git clone https://github.com/levoai/akamai-worker.git`.
+- Navigate into the repository `cd akamai-worker`.
+- Copy the example environment file `cp .env.example .env`
+- Configure the following environment variables in the .env file:
+ - `AKAMAI_WORKER_ID`
+ - `AKAMAI_WORKER_NETWORK`
+ - `AKAMAI_WORKER_VERSION_INCREMENT` (optional)
+- Prepare the EdgeWorker for deployment `yarn worker:version:prepare` which increments version.
+- Deploy and activate the EdgeWorker `yarn worker:version:deploy` which uploads and activates the code bundle.
+
+> Note: `\src\bundle.json` contains bundle metadata.
+
+#### 4. Adding EdgeWorker Behavior to Your Akamai Property
+- Login int to Akamai control center.
+- Navigate to **CDN** > **Properties** from left-hand menu.
+- Select the property you want to configure and click **Edit New Version**.
+- Under **Property Variables**, add following variables.
+ - `LEVO_SATELLITE_URL` - The URL of the Satellite where the traffic will be sent.
+ - `LEVO_ORG_ID` - Your organization ID.
+ - `LEVO_ENV` - The desired environment name. Optional, default is `staging`.
+ - `LEVO_SERVICE_NAME` - The name of the service you are monitoring. Optional.
+ > **Note:** These variables are prefixed with **PMUSER_** in this section. +- Under **Property Configuration Settings**, go to > **Rules** > **Behaviors**, and: + - Enable **EdgeWorkers** behavior. + - Select the appropriate EdgeWorker ID. +- Save your changes and activate the property for Staging and/or Production. + +--- + +**That's it!** + +Your EdgeWorker is now deployed and integrated with your Akamai property. Monitor and analyse your API traffic using the Levo.ai platform. For further support, feel free to reach out to the Levo.ai team at support@levo.ai. + diff --git a/docs/install-traffic-capture-sensors/aws-traffic-mirroring.md b/docs/install-traffic-capture-sensors/aws-traffic-mirroring.md index 0b66e6679..adfc9bc72 100644 --- a/docs/install-traffic-capture-sensors/aws-traffic-mirroring.md +++ b/docs/install-traffic-capture-sensors/aws-traffic-mirroring.md @@ -1,5 +1,6 @@ --- sidebar_position: 5 +description: Set up AWS Traffic Mirroring with Levo.ai. Follow our guide to create, list, and delete mirroring sessions using Levo CLI for enhanced API traffic analysis. --- # AWS Traffic Mirroring diff --git a/docs/install-traffic-capture-sensors/cloudflare-worker.md b/docs/install-traffic-capture-sensors/cloudflare-worker.md index 7b86127dc..28dacc30c 100644 --- a/docs/install-traffic-capture-sensors/cloudflare-worker.md +++ b/docs/install-traffic-capture-sensors/cloudflare-worker.md @@ -1,5 +1,6 @@ --- sidebar_position: 4 +description: Deploy Levo.ai PCAP sensor on Cloudflare Worker. Follow our detailed guide to set up and configure for enhanced API traffic capture and analysis. --- # Cloudflare Worker 
@@ -54,3 +55,23 @@ or if the [daily request limit](https://developers.cloudflare.com/workers/platfo alt="Adding a Cloudflare Worker route" style={{ display: 'block', margin: 'auto', paddingTop: '24px'}} /> + + +### Troubleshooting wrangler login + +If you encounter an error while running `npx wrangler login`, make sure you have the latest version of Node.js installed. + +- Running above command should open a browser window where you can log in to your Cloudflare account. +- Once you have logged in successfully, you should be prompted with a consent form to allow Wrangler to access your Cloudflare account. + +![](../assets/cloudflare/Wrangler_consentform.png) + +- After you click on `Allow`, you will be redirected to a page with a success message. + +![](../assets/cloudflare/Wrangler_access_granted.png) + +- Now you can close the browser window and return to your terminal where you should see a success message. + + +### Need Help? +For further assistance, please reach out to [Levo.ai Support](mailto:support@levo.ai). diff --git a/docs/install-traffic-capture-sensors/common-tasks/_category_.json b/docs/install-traffic-capture-sensors/common-tasks/_category_.json index c66091135..649d33fc1 100644 --- a/docs/install-traffic-capture-sensors/common-tasks/_category_.json +++ b/docs/install-traffic-capture-sensors/common-tasks/_category_.json @@ -1,4 +1,4 @@ { "label": "Common Tasks", - "position": 8 + "position": 9 } diff --git a/docs/install-traffic-capture-sensors/common-tasks/k8s-helm-values.md b/docs/install-traffic-capture-sensors/common-tasks/k8s-helm-values.md index 6d592763d..9330b2737 100644 --- a/docs/install-traffic-capture-sensors/common-tasks/k8s-helm-values.md +++ b/docs/install-traffic-capture-sensors/common-tasks/k8s-helm-values.md 
@@ -1,8 +1,8 @@ # Kubernetes Configuration -### Add Tolerations and Node Selectors +### Add Tolerations, Affinity and Node Selectors -Tolerations and Node Selectors for the Sensor pods may be specified via helm values. For example: +Tolerations, Affinity and Node Selectors for the Sensor pods may be specified via helm values. For example: ```yaml sensor: @@ -16,4 +16,23 @@ sensor: effect: "NoSchedule" nodeSelector: kubernetes.io/hostname: "mavros" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - antarctica-east1 + - antarctica-west1 + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: another-node-label-key + operator: In + values: + - another-node-label-value + ``` diff --git a/docs/install-traffic-capture-sensors/common-tasks/sensor-configuration.mdx b/docs/install-traffic-capture-sensors/common-tasks/sensor-configuration.mdx index 7d5a14e34..91ed42579 100644 --- a/docs/install-traffic-capture-sensors/common-tasks/sensor-configuration.mdx +++ b/docs/install-traffic-capture-sensors/common-tasks/sensor-configuration.mdx @@ -324,6 +324,7 @@ sudo docker run --restart unless-stopped \ levoai/ebpf_sensor:latest \ --host-proc-path /host/proc \ --satellite-url \ + --organization-id \ --default-service-name <'Application Name' chosen earlier> ``` Please check the Sensor logs to ensure the configuration file does not have any syntax errors, and the Sensor is running with the applied configuration. diff --git a/docs/install-traffic-capture-sensors/ebpf-sensor/ebpf-sensor.mdx b/docs/install-traffic-capture-sensors/ebpf-sensor/ebpf-sensor.mdx index 5f14c7e21..38424a745 100644 --- a/docs/install-traffic-capture-sensors/ebpf-sensor/ebpf-sensor.mdx +++ b/docs/install-traffic-capture-sensors/ebpf-sensor/ebpf-sensor.mdx 
@@ -1,5 +1,6 @@ --- sidebar_position: 0 +description: Install Levo.ai eBPF Sensor with our guide. Learn to set up and configure traffic capture sensors on various platforms for enhanced API monitoring. --- # Install eBPF Sensor @@ -9,6 +10,7 @@ sidebar_position: 0 - Satellite has been successfully installed. - You have noted down the Satellite's `hostname:port` or `ip-address:port` information. - The Satellite is reachable (via HTTP/s) from the location where you are going to install the Sensor. +- You have noted down the Organization ID. Refer to [Accessing Organization IDs](/integrations/common-tasks.md#accessing-organization-ids). ## ii. Pick an `Application Name` Auto discovered API endpoints and their OpenAPI specifications are show in the [API Catalog](/guides/security-testing/concepts/api-catalog/api-catalog.md), grouped under an application name. The application name helps segregate and group API endpoints from different environments, similar to how file folders work in an operating system. diff --git a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-apt-package.md b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-apt-package.md index 34a7b9d09..35cf19c1e 100644 --- a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-apt-package.md +++ b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-apt-package.md @@ -34,7 +34,7 @@ sudo apt update ### 3. Download/install Sensor artifacts ```bash -sudo apt install levo-ebpf-sensor=0.42.1 +sudo apt install levo-ebpf-sensor=0.45.4 ``` ### 4. Start the Sensor 
@@ -44,36 +44,26 @@ Please take a look at the [Running the Sensor as a Systemd Service](/install-tra ## Sensor Lifecycle Management -### Configure Satellite Address (`host:port` information) +### Configure Satellite Address, Organization-Id and Environment -The Satellite address is configured in `/etc/levo/sensor/config.yaml`. The default `host:port` for Satellite is `localhost:4317`. +The Satellite address is configured in `/etc/default/levo-ebpf-sensor`. The default Satellite URL is `https://collector.levo.ai`. -Edit `/etc/levo/sensor/config.yaml`, and set `satellite-url` (under Satellite Settings) to the desired `host:port` value. +Edit `/etc/default/levo-ebpf-sensor`, set the `LEVO_SATELLITE_URL` variable to the desired `host:port` value, +and set the `LEVO_ORG_ID` to the Organization ID fetched from the Levo Dashboard. +Set `LEVO_ENV` to the desired environment name in which you wish to see you applications on the Levo Dashboard. ```bash ... -# -------------------------------------------------------------------------------------------- -# Satellite Settings: -# -------------------------------------------------------------------------------------------- -# host:port for the collector service receiving the sensor's API traces. -# mention the scheme http/https if you decide not to use gRPC for sensor satellite communication -satellite-url: -# -------------------------------------------------------------------------------------------- +LEVO_ENV="your-env" +LEVO_SATELLITE_URL="your-satellite-url" +LEVO_ORG_ID="your-org-id" ... ``` -### Configure sensor environment -The eBPF sensor environment is configured in `/etc/default/levo-ebpf-sensor`. The default env value is `staging` +Additional sensor configs are present in the file `/etc/levo/sensor/config.yaml` -Edit `/etc/default/levo-ebpf-sensor`, and set `LEVO_ENV` to the desired env value (eg. 
`prod`, `qa`) -```bash -# Environment Variables for levo-ebpf-sensor.service -MALLOC_CONF="background_thread:true,narenas:1,tcache:false,dirty_decay_ms:0,muzzy_decay_ms:0,abort_conf:true" -LEVO_ENV="staging" -``` - -**A Sensor *restart* is required for this to take effect.** +**A Sensor *restart* is required for the config changes to take effect.** ### Start Sensor @@ -105,6 +95,11 @@ sudo cat syslog | grep 'levo-ebpf-sensor' cat /etc/levo/sensor/config.yaml ``` +### Show Sensor Environment file +```bash +cat /etc/default/levo-ebpf-sensor +``` + ### Uninstall Sensor ```bash sudo apt remove --purge levo-ebpf-sensor diff --git a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-docker.md b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-docker.md index 99f589659..a82962003 100644 --- a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-docker.md +++ b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-docker.md @@ -1,5 +1,6 @@ --- sidebar_position: 3 +title: Install eBPF Sensor on Docker | Levo.ai Documentation --- # Sensor via Docker @@ -22,9 +23,10 @@ sidebar_position: 3 sudo docker run --restart unless-stopped \ -v /sys/kernel/debug:/sys/kernel/debug -v /proc:/host/proc \ --add-host host.docker.internal:host-gateway \ - --privileged --detach levoai/ebpf_sensor:0.40.0 \ + --privileged --detach levoai/ebpf_sensor:0.45.4 \ --host-proc-path /host/proc/ \ --satellite-url \ + --organization-id \ --env <'application-environment'> \ --default-service-name <'Application Name' chosen earlier> ``` diff --git a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-kubernetes.md b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-kubernetes.md index e474160a9..8253a9810 100644 --- a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-kubernetes.md +++ b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-kubernetes.md 
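Review bot: The rewritten section in sensor-apt-package.md (hunk `@@ -44,36 +44,26 @@`) tells the reader to set `LEVO_SATELLITE_URL` to a `host:port` value while giving the default as `https://collector.levo.ai`, which is a full URL with a scheme. The removed text explained when to include `http/https`; the new text no longer does. The scheme presumably decides whether traces leave the host over TLS, so state the expected form explicitly, e.g. `LEVO_SATELLITE_URL="https://<satellite-host>:<port>"`. The same paragraph has a typo: `see you applications` should read `see your applications`. Identical text is added in sensor-systemd-service.md (hunk `@@ -6,62 +6,26 @@`).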
@@ -1,5 +1,6 @@ --- sidebar_position: 1 +title: Install eBPF Sensor on Kubernetes | Levo.ai Documentation --- # Sensor on Kubernetes @@ -12,9 +13,9 @@ sidebar_position: 1 - The Kubernetes cluster API endpoint should be reachable from the machine you are running Helm. - `kubectl` access to the cluster, with `cluster-admin` permissions. -### 1. Install levoai Helm repo +### 1. Add levoai Helm repo ```bash -helm repo add levoai https://charts.levo.ai && helm repo update +helm repo add levoai https://charts.levo.ai && helm repo update levoai ``` ### 2. Create `levoai` namespace & install Sensor @@ -23,18 +24,33 @@ helm repo add levoai https://charts.levo.ai && helm repo update # If Sensor is installed on same cluster as Satellite, use 'levoai-haproxy' # If they are installed on different clusters, the haproxy service should be exposed so that it is # reachable by the sensor. Use the exposed address as the value for satellite-url. -# Specify below the 'Application Name' chosen earlier and Organization ID (copy from levo platform). +# Also specify the Organization ID (copy from levo platform). # helm upgrade levoai-sensor levoai/levoai-ebpf-sensor \ --install \ --namespace levoai \ --create-namespace \ - --set sensor.config.default-service-name=<'Application Name' chosen earlier> \ - --set sensor.config.satellite-url= \ - --set sensor.config.organization-id= \ - --set sensor.levoEnv=<'Application environment'> + --set sensor.orgId= + --set sensor.satelliteUrl=levoai-haproxy \ + --set sensor.levoEnv= ``` +:::info + +You need to expose the levoai-haproxy service so that sensor can reach satellite when it is installed +in a different cluster; the installation command will be: + +```bash +helm upgrade levoai-sensor levoai/levoai-ebpf-sensor \ + --install \ + --namespace levoai \ + --create-namespace \ + --set sensor.satelliteUrl= \ + --set sensor.levoEnv= +``` + +::: + ### 3. Verify connectivity with Satellite 
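Review bot: In the step 2 install command of sensor-kubernetes.md (hunk `@@ -23,18 +24,33 @@`), the added line `--set sensor.orgId=` has no trailing `\`, unlike the lines around it. The shell would end `helm upgrade` there and try to run the following `--set sensor.satelliteUrl=levoai-haproxy \` line as a separate command. End the line with a continuation, e.g. `--set sensor.orgId=<your-org-id> \`. The second command, inside the `:::info` block, sets only `sensor.satelliteUrl` and `sensor.levoEnv`, although the comment above says the Organization ID must also be specified; if the chart needs it for the cross-cluster case, add the same `sensor.orgId` line there. Placeholder values appear empty in this view, so the placeholder text shown here is assumed.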
@@ -76,7 +92,7 @@ If you wish to, you may also request Levo to host the Satellite for you. In this `satellite-url` to `https://collector.levo.ai` and specify an organization ID (`organization-id`) via helm values. ```shell -helm upgrade --set sensor.levoEnv= --set sensor.config.satellite-url=https://collector.levo.ai --set sensor.config.organization-id= levoai-sensor levoai/levoai-ebpf-sensor -n levoai +helm upgrade --set sensor.levoEnv= --set sensor.satelliteUrl=https://collector.levo.ai --set sensor.orgId= levoai-sensor levoai/levoai-ebpf-sensor -n levoai ``` Please proceed to the next step, if there are no errors. diff --git a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-systemd-service.md b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-systemd-service.md index 923319695..8c7bc6ba5 100644 --- a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-systemd-service.md +++ b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-systemd-service.md 
@@ -6,62 +6,26 @@ sidebar_position: 6 ## Running the Sensor as a Systemd Service {#running-sensor-systemd} -### 1. Configure Satellite Address -The Satellite (collector) address is configured in `/etc/levo/sensor/config.yaml`. +### Configure Satellite Address, Organization-Id and Environment -#### NOTE: -The default address for the collector in Systemd installations is `https://collector.levo.ai`. -This address assumes that Levo is hosting the Satellite for you, and you must also specify an organization ID (`organization-id`) via the config file. -If you wish, you may also host the Satellite yourself and specify the address of the collector in the self-hosted Satellite to direct the Sensor's traffic to it. +The Satellite address is configured in `/etc/default/levo-ebpf-sensor`. The default Satellite URL is `https://collector.levo.ai`. +Edit `/etc/default/levo-ebpf-sensor`, set the `LEVO_SATELLITE_URL` variable to the desired `host:port` value, +and set the `LEVO_ORG_ID` to the Organization ID fetched from the Levo Dashboard. +Set `LEVO_ENV` to the desired environment name in which you wish to see you applications on the Levo Dashboard. -Edit `/etc/levo/sensor/config.yaml`, and set `satellite-url` (under Satellite Settings) to the address noted from the Satellite install. - -```yaml +```bash ... -# -------------------------------------------------------------------------------------------- -# Satellite Settings: -# -------------------------------------------------------------------------------------------- - -# Levo Organization ID. This must be specified when the collector is hosted by Levo. -# organization-id: "" - -# host:port for the collector service receiving the Sensor's API traces. -satellite-url: +LEVO_ENV="your-env" +LEVO_SATELLITE_URL="your-satellite-url" +LEVO_ORG_ID="your-org-id" ... ``` -**Note**: If you change the Satellite address later, you have to restart the Sensor, since it's not a hot property. - -### 2. 
Configure Application Name -The `Application Name` is configured in `/etc/levo/sensor/config.yaml`. - -Edit `/etc/levo/sensor/config.yaml`, and set `default-service-name` to the `Application Name` chosen earlier. - -```yaml -# -------------------------------------------------------------------------------------------- -# Default Application Name: -# -# Auto discovered API endpoints and their OpenAPI specifications are show in the API Catalog -# grouped under this application name. The application name helps segregate and group API -# endpoints from different environments. -# -------------------------------------------------------------------------------------------- -# -default-service-name: <'Application Name' chosen earlier> -# -------------------------------------------------------------------------------------------- -``` - -### Configure sensor environment -The eBPF sensor environment is configured in `/etc/default/levo-ebpf-sensor`. The default env value is `staging` -Edit `/etc/default/levo-ebpf-sensor`, and set `LEVO_ENV` to the desired env value (eg. `prod`, `qa`) +Additional sensor configs are present in the file `/etc/levo/sensor/config.yaml` -```bash -# Environment Variables for levo-ebpf-sensor.service -MALLOC_CONF="background_thread:true,narenas:1,tcache:false,dirty_decay_ms:0,muzzy_decay_ms:0,abort_conf:true" -LEVO_ENV="staging" -``` -**Note**: If you change the `Application Name` later, you have to restart the Sensor, since it's not a hot property. +**A Sensor *restart* is required for the config changes to take effect.** ### 3. Start the Sensor diff --git a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-yum-package.md b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-yum-package.md index d42bf1beb..1fe01a878 100644 --- a/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-yum-package.md +++ b/docs/install-traffic-capture-sensors/ebpf-sensor/sensor-yum-package.md 
@@ -32,7 +32,7 @@ Install the eBPF Sensor from Levo's RPM repository. 1. Install the package in your repository. ```shell - sudo yum install levo-ebpf-sensor-0.42.1 + sudo yum install levo-ebpf-sensor-0.45.4 ``` Enter `y` when prompted. diff --git a/docs/install-traffic-capture-sensors/install-traffic-capture-sensors.md b/docs/install-traffic-capture-sensors/install-traffic-capture-sensors.md index 103cc5ec3..2ab19dd82 100644 --- a/docs/install-traffic-capture-sensors/install-traffic-capture-sensors.md +++ b/docs/install-traffic-capture-sensors/install-traffic-capture-sensors.md @@ -21,6 +21,22 @@ You should install the pcap sensor if: [**Click here for the installation instructions**](/install-traffic-capture-sensors/pcap-sensor). +## AWS Fargate Sensor +To install AWS Fargate sensor: + +> **_NOTE:_** You need to have the satellite installed to configure the sensor to point to it. If you haven't done it already, head over to [Install Satellite ](/install-satellite) +Make sure the satellite is able to listen on port `9999` +Edit Inbound Rules to accept port `9999` in case the satellite is running on an AWS instance. + +[**Click here for the installation instructions**](/install-traffic-capture-sensors/sensor-fargate). + +## Windows Sensor +You should install the windows sensor if: + +- Your application workloads are deployed on a windows Servers compute architecture. + +[**Click here for the installation instructions**](/install-traffic-capture-sensors/windows-sensor). + ## AWS Traffic Mirroring Use this if you want to use traffic mirroring to instrument your application workloads. diff --git a/docs/install-traffic-capture-sensors/pcap-sensor/pcap-sensor-yum-package.md b/docs/install-traffic-capture-sensors/pcap-sensor/pcap-sensor-yum-package.md new file mode 100644 index 000000000..ed5bbd984 --- /dev/null +++ b/docs/install-traffic-capture-sensors/pcap-sensor/pcap-sensor-yum-package.md 
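Review bot: The new AWS Fargate Sensor section in install-traffic-capture-sensors.md (hunk `@@ -21,6 +21,22 @@`) says to edit inbound rules to accept port `9999` but does not say from which source. A reader following it literally may open the Satellite listener to all addresses. Add a sentence scoping the rule, for example `Allow inbound port 9999 only from the security group or address range the sensor runs in.`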
@@ -0,0 +1,115 @@ +--- +sidebar_position: 3 +--- + +# PCAP Sensor via YUM Package + +## Install on RPM based Linux Distributions via `yum` + +### Prerequisites +- `libpcap` should be installed from the yum repository +- Admin (or `sudo`) privileges on the host + +### 1. Configure the package manager + +Configure `yum` to access Levo's RPM packages using the following command: + +```shell +sudo tee -a /etc/yum.repos.d/levo.repo << EOF +[levo] +name=Levo.ai +baseurl=https://us-yum.pkg.dev/projects/levoai/yum-levo +enabled=1 +repo_gpgcheck=0 +gpgcheck=0 +EOF +``` + +### 2. Install the pcap Sensor + +Install the pcap Sensor from Levo's RPM repository. + +1. Update the list of available packages: + ```shell + sudo yum makecache + ``` + +1. Install the package in your repository. + ```shell + sudo yum install levo-pcap-sensor-0.1.9 + ``` + +Enter `y` when prompted. + +### 3. Start the Sensor + +Sensor runs as a Systemd Service + +#### Configure Satellite Address, Organization-Id and Environment + +The Satellite address is configured in `/etc/levo/config/pcap-sensor/config.yaml`. The default Satellite URL is `https://collector.levo.ai`. + +Edit `/etc/levo/config/pcap-sensor/config.yaml` and + - set the `satellite-url` variable to the desired `host:port` value + - set the `levoai-org-id` to the Organization ID fetched from the Levo Dashboard. + - set `levo-env` to the desired environment name in which you wish to see you applications on the Levo Dashboard. 
+ +```yaml +############################################################################################## +# PCAP Sensor Configuration Settings (YAML Format) +# Copyright: Levo Inc., @COPYRIGHT_YEAR@ +############################################################################################## + +satellite-url: http://collector.levo.ai +levo-env: staging +levoai-org-id: "" +rate-limit: 1000 +trace-export-interval: 10 +filter: "" +path-allow: [] +host-allow: [] +path-exclusions: [] +host-exclusions: [] +max-http-length: 10000000 +stream-timeout-seconds: 10 +``` + +*Sensor **restart** is required for the config changes to take effect.* + +Additional options can be configured as follows: + - **`trace-export-interval`**: Set the trace export interval in seconds (default is 10) + - **`rate-limit`**: Specify the number of traces per minute + - **`filter`**: Add a PCAP filter string, e.g., "port 8080 and (not port 8081)" + - **`host-allow`**: Set a host allow regex + - **`path-allow`**: Set a path allow regex + - **`host-exclusions`**: Set a host exclude regex + - **`path-exclusions`**: Set a path exclude regex + + +#### Start/Stop the Sensor + +To start the sensor +```bash +sudo systemctl start levo-pcap-sensor.service +``` + +To stop the sensor +```bash +sudo systemctl stop levo-pcap-sensor.service +``` + +To restart the sensor +```bash +sudo systemctl restart levo-pcap-sensor.service +``` + +### 4. Configuring sensor as per memory and CPU resource limits + +- For normal/average case use the default config +- For strict resources, modify the config with below options +```yaml +rate-limit: 100 +trace-export-interval: 1 +max-http-length: 1000000 +stream-timeout-seconds: 2 +``` \ No newline at end of file diff --git a/docs/install-traffic-capture-sensors/pcap-sensor/pcap-sensor.md b/docs/install-traffic-capture-sensors/pcap-sensor/pcap-sensor.md index a75204771..f2fcfdcbe 100644 --- a/docs/install-traffic-capture-sensors/pcap-sensor/pcap-sensor.md 
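Review bot: The `levo.repo` stanza in step 1 of the new pcap-sensor-yum-package.md sets `repo_gpgcheck=0` and `gpgcheck=0`, so yum installs `levo-pcap-sensor` without verifying package or repository-metadata signatures. The package is installed with admin privileges and runs as a systemd service. If the repository publishes a signing key, the stanza should read `gpgcheck=1`, `repo_gpgcheck=1` and `gpgkey=<URL of the repository signing key>`; otherwise the guide should say explicitly that signatures are not verified. Separately, the text gives the default Satellite URL as `https://collector.levo.ai`, while the sample `config.yaml` has `satellite-url: http://collector.levo.ai`. Copied as is, that would send captured API traces over plain HTTP, so the sample should use `https://`.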
+++ b/docs/install-traffic-capture-sensors/pcap-sensor/pcap-sensor.md @@ -1,3 +1,7 @@ +--- +description: Install Levo.ai PCAP Sensor with our guide. Follow detailed instructions for setting up and configuring traffic capture sensors across multiple platforms. +--- + # Install PCAP Sensor ## Prerequisites @@ -5,11 +9,9 @@ > **_NOTE:_** You need to have the satellite installed to configure the sensor to point to it. If you haven't done it already, head over to [Install Satellite ](/install-satellite) Make sure the satellite is able to listen on port `9999` -Edit Inbound Rules to accept port `9999` in case the satellite is running on an AWS instance. ## Follow instructions for your platform - - [Install on Fargate](/install-traffic-capture-sensors/pcap-sensor/sensor-fargate) - [Install via Docker](/install-traffic-capture-sensors/pcap-sensor/sensor-docker) - [Install on Kuberenetes](/install-traffic-capture-sensors/pcap-sensor/sensor-kubernetes) diff --git a/docs/install-traffic-capture-sensors/pcap-sensor/sensor-docker.md b/docs/install-traffic-capture-sensors/pcap-sensor/sensor-docker.md index 4dd2bd25d..7de2524dd 100644 --- a/docs/install-traffic-capture-sensors/pcap-sensor/sensor-docker.md +++ b/docs/install-traffic-capture-sensors/pcap-sensor/sensor-docker.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +title: Install PCAP Sensor on Docker | Levo.ai Documentation --- # Sensor via Docker @@ -10,8 +11,10 @@ sidebar_position: 1 - Docker Engine version `18.03.0` and above - Admin (or `sudo`) privileges on the Docker host +### Start the sensor + ```bash -sudo docker run --net=host --rm -it levoai/pcap-sensor:0.1.1 \ +sudo docker run --net=host --rm -it levoai/pcap-sensor:0.1.9 \ ./bin/init apidump \ --satellite-url "your satellite url (http(s)://hostname|IP:port)" \ --levo-env "your application environment (staging, production etc.)" \ 
@@ -28,3 +31,13 @@ Specify additional flags in the command --path-exclusions "path exclude regex" ``` +### Configuring sensor as per memory and CPU resource limits + +- For normal/average case use the default config +- For strict resources, start the sensor with below options +```bash +--rate-limit 100 +--trace-export-interval 1 +--max-http-length 1000000 +--stream-timeout-seconds 2 +``` diff --git a/docs/install-traffic-capture-sensors/pcap-sensor/sensor-kubernetes.md b/docs/install-traffic-capture-sensors/pcap-sensor/sensor-kubernetes.md index 2592619cb..c02886b14 100644 --- a/docs/install-traffic-capture-sensors/pcap-sensor/sensor-kubernetes.md +++ b/docs/install-traffic-capture-sensors/pcap-sensor/sensor-kubernetes.md @@ -1,5 +1,6 @@ --- sidebar_position: 2 +title: Install PCAP Sensor on Kubernetes | Levo.ai Documentation --- # Sensor on Kubernetes @@ -12,9 +13,9 @@ sidebar_position: 2 - The Kubernetes cluster API endpoint should be reachable from the machine you are running Helm. - `kubectl` access to the cluster, with `cluster-admin` permissions. -### 1. Install levoai helm repo +### 1. Add levoai helm repo ``` -helm repo add levoai https://charts.levo.ai && helm repo update +helm repo add levoai https://charts.levo.ai && helm repo update levoai ``` ### 2. Create levoai namespace and install pcap-sensor @@ -30,7 +31,7 @@ helm upgrade levoai-pcap-sensor levoai/levoai-pcap-sensor \ --create-namespace \ --set sensor.config.levoaiOrgId="your Levo Org ID" \ --set sensor.config.satelliteUrl="http(s)://hostname|IP:port" - --set sensor.confg.levoEnv="your application environment (staging, production etc.)" + --set sensor.config.levoEnv="your application environment (staging, production etc.)" ``` Set additional configs 
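Review bot: The typo fix in pcap-sensor/sensor-kubernetes.md (hunk `@@ -30,7 +31,7 @@`) still leaves the corrected flag outside the helm command. The context line before it, `--set sensor.config.satelliteUrl="http(s)://hostname|IP:port"`, has no trailing `\`. As written, the shell ends `helm upgrade` after `satelliteUrl` and treats `--set sensor.config.levoEnv=...` as a new command, so the environment value is never applied. Add the continuation: `--set sensor.config.satelliteUrl="http(s)://hostname|IP:port" \`. The start of the command's code block lies outside the hunk.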
@@ -44,3 +45,8 @@ sensor.config.hostExclusions="host exclusion regex" sensor.config.pathExclusions="path exclusion regex" ``` +### 3. Configuring sensor as per memory and CPU resource limits + +- For normal/average case use the default config +- For strict resources, use the [Low resource helm values file](../../../static/artifacts/pcap-sensor/low_resource_values.yaml) + diff --git a/docs/install-traffic-capture-sensors/pcap-sensor/sensor-fargate.md b/docs/install-traffic-capture-sensors/sensor-fargate.md similarity index 75% rename from docs/install-traffic-capture-sensors/pcap-sensor/sensor-fargate.md rename to docs/install-traffic-capture-sensors/sensor-fargate.md index e06fff63f..bc3a887c7 100644 --- a/docs/install-traffic-capture-sensors/pcap-sensor/sensor-fargate.md +++ b/docs/install-traffic-capture-sensors/sensor-fargate.md 
@@ -1,14 +1,33 @@ --- sidebar_position: 3 +description: Install Levo.ai PCAP sensor on AWS Fargate. Follow our detailed guide for setup, configuration, and robust API traffic capture and analysis. --- -# Sensor on Fargate +# Sensor on AWS Fargate ## Prerequisites - AWS profile access key and secret access key saved at path ~/.aws/credentials file - The profile should have all the required permissions as listed [here](#aws-permissions) -## Install Sensor on Fargate + +## Install using Terraform + +The pcap Sensor can be installed as a sidecar on an existing AWS task using a terraform script + +- Download the [Terraform script](../../static/artifacts/pcap-sensor/main.tf) +- Run the following commands + - `terraform init` + - `terraform plan` + - `terraform apply` +- Enter values for all the prompts, which include `aws-region`, `task-name`, `satellite-url`, `levo-env`, `org-id` etc. +- Or edit the variables in the terraform script and add the required values as default. +- The script will create a new revision of the task-definition with the pcap-sensor as side-car +- To configure CPU and memory given to the container, update `cpu_percentage_limit` and `memory_percentage_limit` variables in the terraform script. + +*Note: The default values are set to 5% CPU and memory of the total given to the task.* + + +## Install using JSON The pcap Sensor can be installed as a sidecar on an existing AWS task by adding to its task definition via the AWS Console. @@ -26,7 +45,7 @@ The steps to add the sensor to your task are as follows ```json { "name": "levo-pcap-sensor", - "image": "levoai/pcap-sensor:0.1.1", + "image": "levoai/pcap-sensor:0.1.9", "cpu": 512, "memory": 512, "portMappings": [], 
@@ -74,6 +93,15 @@ Specify additional flags in the entrypoint --path-exclusions # regex for excluded paths ``` +### 3. Configuring sensor as per memory and CPU resource limits + +- For normal/average case use the above JSON +- For strict resources, use the [Low resource JSON file](../../static/artifacts/pcap-sensor/low_resource.json) + +### 4. Filtering out traffic +- If you need to ignore the traffic from other side-cars in the AWS task, you can use the `--filter` command to ignore the traffic on the non-essential container ports +eg. `--filter "not port 8888" + ### AWS Permissions needed diff --git a/docs/install-traffic-capture-sensors/windows-sensor/_category_.json b/docs/install-traffic-capture-sensors/windows-sensor/_category_.json new file mode 100644 index 000000000..df41d1c6f --- /dev/null +++ b/docs/install-traffic-capture-sensors/windows-sensor/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "Sensor on Windows", + "position": 3 +} \ No newline at end of file diff --git a/docs/install-traffic-capture-sensors/windows-sensor/windows-sensor.md b/docs/install-traffic-capture-sensors/windows-sensor/windows-sensor.md new file mode 100644 index 000000000..bdc3d380d --- /dev/null +++ b/docs/install-traffic-capture-sensors/windows-sensor/windows-sensor.md 
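Review bot: In sensor-fargate.md (hunk `@@ -74,6 +93,15 @@`), the example line under "4. Filtering out traffic" opens an inline code span before `--filter "not port 8888"` and never closes it. The rest of the paragraph may therefore render as code, or the example may lose its formatting. Close the span after the closing quote, or move the example into a fenced block as the flags above it are. `--filter` is also a flag rather than a command, so "use the `--filter` flag" would be more accurate.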
@@ -0,0 +1,159 @@ +--- +sidebar_position: 3 +title: Install Levo.ai’s Sensor on Windows | Levo.ai Documentation +--- + +# Levoai Sensor for Windows + +This guide walks you through installing and configuring Levo.ai’s sensor to capture HTTP traffic on Windows systems/servers. + +## Prerequisites + +- Windows 10 or Windows Server 2016 and above +- Administrator privileges on the Windows machine +- Npcap or WinPcap libraries installed. Please talk to us if you want to explore the commercial options for these libraries. + +## Installation Steps + +### 1. Install [Npcap](https://npcap.com/) Library + +1. Download the latest Npcap installer from the [Npcap website](https://npcap.com/#download). +2. Run the installer with administrator privileges. +3. During installation, select the following options: + - Install Npcap in WinPcap API-compatible Mode + - Install Npcap service + - Do not install the Npcap SDK + +### 2. Download Levo’s Windows Sensor Zip File + +1. Download the following zip file from our [downloads](https://github.com/levoai/downloads/tree/main/windows) portal: + - Levoai-Sensor.zip +2. Extract the contents of Levoai-Sensor.zip +3. Ensure that all extracted files are placed in the same dedicated directory, e.g., `C:\Program Files\Levo\`. + +### 3. Configure the Sensor + +Before installing the sensor service, modify the `config.json` file to match your specific setup: + +1. Open the `config.yaml` file in a text editor. +2. Update the following fields: + + - `satellite-url`: Replace with your actual Levoai Satellite URL. + - `levo-env`: Replace with your environment name. + - `levoai-org-id`: Replace with your Levo organization ID. 
+ + Example `config.yaml`: + + ```yaml + ############################################################################################## + # PCAP Sensor Configuration Settings (YAML Format) + # Copyright: Levo Inc., @COPYRIGHT_YEAR@ + ############################################################################################## + + name: "Levoai Sensor" + display-name: "Levoai Sensor Service" + description: "Service for running the Levoai Sensor" + log-file-path: "levoai-service.log" + exec: "levoai-sensor.exe" + args: ["apidump"] + + + satellite-url: http://collector.levo.ai + levo-env: staging + levoai-org-id: "" + rate-limit: 1000 + trace-export-interval: 10 + filter: "" + path-allow: [] + host-allow: [] + path-exclusions: [] + host-exclusions: [] + ``` + +### [Optional] 4. Configure Additional Filters + +1. Open the `config.yaml` file in a text editor. +2. Modify any of these optional flags: + + - **`trace-export-interval`**: Set the trace export interval in seconds (default is 10) + - **`rate-limit`**: Specify the number of traces per minute + - **`filter`**: Add a PCAP filter string, e.g., "port 8080 and (not port 8081)" + - **`host-allow`**: Set a host allow regex + - **`path-allow`**: Set a path allow regex + - **`host-exclusions`**: Set a host exclude regex + - **`path-exclusions`**: Set a path exclude regex + +3. Configuring sensor as per memory and CPU resource limits +- For normal/average case use the default config +- For strict resources, download the [Low resource config file](../../../static/artifacts/pcap-sensor/config.yaml) and copy it in the windows sensor installation directory. + +### 5. Install the Sensor Service + +After configuring the `config.json` file, you need to install the sensor as a Windows service: + +1. Open PowerShell as an administrator. +2. Navigate to the directory containing the extracted Levoai sensor files. +3. Run the following command to install the sensor as a service: + ```bash + levoai-service.exe -service install +4. 
Run the following command to check the status of the Levoai service: + ```bash + Get-Service | Where-Object { $_.Name -like "*Levo*" } +5. If the service is installed and running successfully, you will see output similar to the following: + ```bash + Status Name DisplayName + Running Levoai Sensor Levoai Sensor Service +6. Run the following command to stop the sensor as a service: + ```bash + levoai-service.exe -service stop +7. Run the following command to start the sensor as a service: + ```bash + levoai-service.exe -service start +8. Run the following command to restart the sensor as a service: + ```bash + levoai-service.exe -service restart +9. Run the following command to uninstall the sensor as a service: + ```bash + levoai-service.exe -service uninstall + +### 6. Troubleshooting + +#### Ensure Npcap is properly installed and that WinPcap compatibility mode is enabled + +##### Verify Npcap Installation + +1. Open a Command Prompt as Administrator. +2. Run the following command to check if Npcap is installed and running: +```bash +sc query npcap +``` +3. If Npcap is properly installed, you should see an output with `STATE: RUNNING`. + +##### Verify WinPcap Compatibility Mode + +1. Open a Command Prompt as Administrator. +2. Execute the following command: +```bash +reg query HKLM\SYSTEM\CurrentControlSet\Services\npcap\Parameters /v WinPcapCompatible +``` +3. If WinPcap compatibility mode is enabled, you should see the output with `WinPcapCompatible REG_DWORD 0x1`. + +#### Check Windows Firewall settings + +Ensure the Levo's sensor is allowed to capture traffic. + +1. To check existing firewall rules, execute the below command: +```bash +netsh advfirewall firewall show rule name=all +``` +2. 
If you cannot find the firewall rule related to the Levo sensor, you can create one: + +To create a new inbound rule for the Levo sensor: +```bash +netsh advfirewall firewall add rule name="Levo.ai Sensor" dir=in action=allow program="C:\\Program Files\\Levo\\levoai-sensor.exe" enable=yes +``` +Replace `"C:\\Program Files\\Levo\\levoai-sensor.exe"` with the actual path to the Levo sensor executable. + +### 7. Additional Support + +For additional support, please [contact](mailto:support@levo.ai) Levo.ai technical support. \ No newline at end of file diff --git a/docs/integrations/common-tasks.md b/docs/integrations/common-tasks.md index 5ac91a3b0..45d738a1c 100644 --- a/docs/integrations/common-tasks.md +++ b/docs/integrations/common-tasks.md 
@@ -1,33 +1,46 @@ --- sidebar_position: 6 +title: Common Integration Tasks | Levo.ai Documentation --- # Common Tasks - [Generating CLI Authorization Keys](#generating-cli-authorization-keys) - [Accessing Organization IDs](#accessing-organization-ids) ------------------------------------ +--- + ## Generating CLI Authorization Keys -The Levo CLI is packaged within CI/CD plugins that are embedded in quality gates, that run security/resilience tests. +The Levo CLI is packaged within CI/CD plugins embedded in quality gates to run security and resilience tests. The CLI uses an authorization key to access Levo.ai. Follow instructions below to generate a key. -- [Login](https://app.levo.ai/login) to Levo.ai -- Click on your user profile -- Click on `User Settings` -- Click on `Keys` on the left navigation panel -- Click on `Get CLI Authorization Key` -- Now copy & save your authorization key, to be used in the CI/CD plugin of your choice +1. [Login to Levo.ai](https://app.levo.ai/login) +2. Click on your **user profile**. +3. Select **User Settings** from the menu. +4. Navigate to **Keys** on the left-hand side navigation panel. +5. Click on **Get CLI Authorization Key**. +6. Copy and save your authorization key for use in your preferred CI/CD plugin. + +:::info +If you are an India-based customer, [Login to the India portal](https://app.india-1.levo.ai/login) to access Levo.ai. +::: + +--- ------------------------------------ ## Accessing Organization IDs -Levo allows signed-in users to belong to more than one *organization*. Each organization has a unique ID. Below are instructions on fetching the ID for a specific organization. +Levo allows signed-in users to belong to multiple organizations, each with a unique organization ID. These IDs are often required for 3rd-party integrations such as CI/CD plugins. 
Follow these steps to retrieve the ID for a specific organization: ![Fetch ORG ID](../assets/levo-org-id.png) -- [Login](https://app.levo.ai/login) to Levo.ai -- Click on your user profile -- Click on `User Settings` -- Click on `Organizations` on the left navigation panel -- Now copy & save the ID for the Organization of your preference -- This ID will be used within 3rd party integrations like CI/CD plugins, etc. \ No newline at end of file +1. [Login to Levo.ai](https://app.levo.ai/login) +2. Click on your **user profile**. +3. Select **User Settings** from the menu. +4. Navigate to **Organizations** on the left-hand side navigation panel. +5. Copy and save the ID of the desired organization for your integration needs. + +This ID can now be used in third-party integrations like CI/CD plugins. + +--- + +### Need Help? +For further assistance, please reach out to [Levo.ai Support](mailto:support@levo.ai). diff --git a/docs/integrations/jira.md b/docs/integrations/jira.md index 9dbd1c4f6..2ee432d9f 100644 --- a/docs/integrations/jira.md +++ b/docs/integrations/jira.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +title: Jira Integration Guide --- # Jira diff --git a/docs/integrations/okta.md b/docs/integrations/okta.md index 1a2dfa519..00a55d776 100644 --- a/docs/integrations/okta.md +++ b/docs/integrations/okta.md @@ -1,5 +1,6 @@ --- sidebar_position: 4 +title: Okta Integration Guide --- # Okta diff --git a/docs/integrations/slack.md b/docs/integrations/slack.md index ba81106a2..21b210572 100644 --- a/docs/integrations/slack.md +++ b/docs/integrations/slack.md @@ -1,5 +1,6 @@ --- sidebar_position: 3 +title: Slack Integration Guide --- # Slack diff --git a/docs/quickstart/quickstart-kubernetes.md b/docs/quickstart/quickstart-kubernetes.md index 7b598d51f..1fba126c5 100644 --- a/docs/quickstart/quickstart-kubernetes.md +++ b/docs/quickstart/quickstart-kubernetes.md 
@@ -30,7 +30,7 @@ Copy your authorization key. This key is required in subsequent steps below. ### Add Helm Charts Repository ```bash -helm repo add levoai https://charts.levo.ai && helm repo update +helm repo add levoai https://charts.levo.ai && helm repo update levoai ``` ### Add LevoAI Auth Key @@ -47,6 +47,12 @@ helm upgrade --install -n levoai --create-namespace \ levoai-satellite levoai/levoai-satellite ``` +:::info + +Please refer to [install satellite in kubernetes](/install-satellite/satellite-kubernetes.mdx) for detailed instructions. + +::: + ### Check satellite connectivity Execute the following to check for connectivity health: @@ -63,17 +69,16 @@ If connectivity is healthy, you will see output similar to below. ### Install eBPF Sensor ```bash -# Replace 'hostname|IP' & 'port' with the values you noted down from the Satellite install -# If Sensor is installed on same cluster as Satellite, use 'levoai-collector.levoai:4317' -# Specify below the 'Application Name' chosen earlier. -# +# Replace 'levoai-haproxy' with the values you noted down from previous step if +# Sensor was installed on a different cluster than satellite. +# Use appropriate environment value for levoEnv to segregate API assets in Levo dashboard. + helm upgrade levoai-sensor levoai/levoai-ebpf-sensor \ --install \ --namespace levoai \ --create-namespace \ - --set sensor.config.default-service-name=<'Application Name' chosen earlier> \ - --set sensor.config.satellite-url= - --set sensor.config.env=<'Application environment'> + # --set sensor.satelliteUrl=levoai-haproxy \ + --set sensor.levoEnv= ``` ### Check sensor health diff --git a/docs/quickstart/quickstart-mac.md b/docs/quickstart/quickstart-mac.md index 8088b9027..70b81b29d 100644 --- a/docs/quickstart/quickstart-mac.md +++ b/docs/quickstart/quickstart-mac.md 
@@ -1,6 +1,7 @@ --- sidebar_position: 2 keywords: [API Security, ZAP, OWASP, Linux, macOS, Windows, API Observability] +description: Get started with Levo.ai on macOS. Follow our quickstart guide for seamless installation and setup of the Levo.ai API Security Platform on your Mac. --- # Quickstart on Mac / Laptop @@ -29,7 +30,7 @@ The Sensor-Satellite setup can be run with the following docker command - docker run -e LEVOAI_AUTH_KEY= \ -e LEVOAI_ORG_ID= \ --net=host \ - -v ./logs:/mnt/levo/logs + -v ./logs:/mnt/levo/logs \ levoai/levo-all ``` diff --git a/docs/quickstart/quickstart-minikube.md b/docs/quickstart/quickstart-minikube.md index 4532b94cf..d72c21510 100644 --- a/docs/quickstart/quickstart-minikube.md +++ b/docs/quickstart/quickstart-minikube.md @@ -44,7 +44,7 @@ minikube mount /proc:/ggproc Then, in a new terminal window, run: ```shell -helm repo add levoai https://charts.levo.ai && helm repo update +helm repo add levoai https://charts.levo.ai && helm repo update levoai helm pull levoai/levoai-ebpf-sensor --untar cd levoai-ebpf-sensor/ sed -i "s/path: \/proc/path: \/ggproc/" templates/deployment.yaml diff --git a/docs/security-testing/catalog-tests.md b/docs/security-testing/catalog-tests.md index 6e572a862..1606a9141 100644 --- a/docs/security-testing/catalog-tests.md +++ b/docs/security-testing/catalog-tests.md 
@@ -1,31 +1,43 @@ --- -sidebar_position: 0 +sidebar_position: 1 --- # Running Tests from Catalog -Levo provides you with the ability to run a variety of tests on your endpoints using the Test Runs feature. +Levo provides you with the ability to run a variety of tests on your API endpoints using the Run Tests feature. -The tests run on Levo's Platform, i.e., the requests to the target server are made by Levo. This means that the application must be exposed via a publicly reachable domain or IP address. - -Navigate to the `Applications` tab and choose an Application you want to run tests against. +### Navigate to the `Applications` tab and choose an Application you want to run tests against. ![](../assets/testruns-step-1.png) -Click on the `Run Tests` button on the top right side of the screen and then choose `Run on Cloud`. +

+ +### Click on the `Test` button on the bottom right side of the screen. ![](../assets/testruns-step-2.png) -Select Runnable Endpoints on the next screen. +

-![](../assets/testruns-step-3.png) +### Select Test Mode. ->Note: You can configure non-runnable endpoints by manually entering sample values for mandatory parameters. +![](../assets/testruns-step-3.png) -Click on Next and select the categories of test you want to run from and choose from a wide variety of Tests like BOLA, SQLI, CORS, Fuzzing, etc. +### Tests will run for all runnable endpoints, you can change the endpoints test parameters if needed. ![](../assets/testruns-step-4.png) -Enter a Target URL to run tests against, e.g. `http://crapi.levo.ai` and click on `Run Tests` to start the tests' execution. +>Note: You can configure non-runnable endpoints by manually entering sample values for mandatory parameters. + +

+ +### Select the categories of test you want to run from and choose from a wide variety of Tests like BOLA, SQLI, CORS, Fuzzing, etc. ![](../assets/testruns-step-5.png) + +

+ +### Select Method and Enter a Target URL to run tests against, e.g. `http://crapi.levo.ai` and click on `Run Tests` to start the tests' execution. +- `Run on Cloud`: The tests will be run on Levo's platform, i.e., the requests to the target server are made by Levo. This means that the application must be exposed via a publicly reachable domain or IP address. +- `Run on-prem`: The tests will run on your premise. Head to the **[Testrunners](testrunner.mdx)** page to know how to install **Testrunners**. + +![](../assets/testruns-step-6.png) diff --git a/docs/security-testing/github-action.md b/docs/security-testing/github-action.md index 10cc60d7f..ed476b158 100644 --- a/docs/security-testing/github-action.md +++ b/docs/security-testing/github-action.md @@ -1,5 +1,5 @@ --- -sidebar_position: 2 +sidebar_position: 3 --- # GitHub Action diff --git a/docs/security-testing/jenkins-plugin.md b/docs/security-testing/jenkins-plugin.md index 36526738c..7fa72d08c 100644 --- a/docs/security-testing/jenkins-plugin.md +++ b/docs/security-testing/jenkins-plugin.md @@ -1,5 +1,5 @@ --- -sidebar_position: 3 +sidebar_position: 4 --- # Jenkins Plugin diff --git a/docs/security-testing/test-laptop/_category_.json b/docs/security-testing/test-laptop/_category_.json index 8317c86d6..754617571 100644 --- a/docs/security-testing/test-laptop/_category_.json +++ b/docs/security-testing/test-laptop/_category_.json @@ -1,4 +1,4 @@ { "label": "Running Tests from CLI", - "position": 1 + "position": 4 } diff --git a/docs/security-testing/test-laptop/test-linux.md b/docs/security-testing/test-laptop/test-linux.md index 3beae98aa..cc1d0131c 100644 --- a/docs/security-testing/test-laptop/test-linux.md +++ b/docs/security-testing/test-laptop/test-linux.md @@ -1,5 +1,6 @@ --- sidebar_position: 2 +description: Set up and execute data-driven API security tests on Linux with Levo.ai. Follow our detailed guide for seamless installation and robust testing results. --- # Test on Linux 
diff --git a/docs/security-testing/test-laptop/test-mac-os.md b/docs/security-testing/test-laptop/test-mac-os.md index cef7dd1a9..6d46ee3b4 100644 --- a/docs/security-testing/test-laptop/test-mac-os.md +++ b/docs/security-testing/test-laptop/test-mac-os.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +description: Set up and execute security tests on macOS with Levo.ai. Follow our detailed guide to install Levo CLI and ensure robust API security on your Mac. --- # Test on Mac OS diff --git a/docs/security-testing/test-laptop/test-windows.md b/docs/security-testing/test-laptop/test-windows.md index a5ffeedbc..baaf6e574 100644 --- a/docs/security-testing/test-laptop/test-windows.md +++ b/docs/security-testing/test-laptop/test-windows.md @@ -1,5 +1,6 @@ --- sidebar_position: 3 +description: Learn how to test Levo.ai on Windows laptops. Follow our detailed guide for setup, execution, and security testing to ensure robust API protection. --- # Test on Windows diff --git a/docs/security-testing/testrunner.mdx b/docs/security-testing/testrunner.mdx new file mode 100644 index 000000000..1e4d53b65 --- /dev/null +++ b/docs/security-testing/testrunner.mdx 
@@ -0,0 +1,155 @@ +--- +id: testrunner +title: Test Runner +sidebar_label: Test Runner +sidebar_position: 2 +description: Set up Levo.ai Test Runner on Docker or Kubernetes. Follow our detailed guide for installation and deployment to enhance API security in your environment. +--- + +import BrowserOnly from '@docusaurus/BrowserOnly'; + +export function DownloadLevoTestRunner() { + return ( + Loading...}> + {() => ( + levoai-testrunner.sh + )} + + ); +} + +## Running Security Tests with Levo.ai + +Levo provides you with the ability to run security tests on your application endpoints. These tests can be executed in the following environments: + +- **On the Cloud** +- **On Premises** +## Requirements for Running Security Tests + +To successfully run security tests, you need: + +1. A target service URL that is reachable. +2. A valid configuration for authenticated endpoints. +3. Valid API endpoint parameters. + +### Testing Publicly Reachable Services + +If your target service is publicly accessible, you can directly run security tests from the Levo Cloud. + +### Testing Internal Services + +For internal services that are not publicly reachable, you can use the **Levo Testrunner**. The testrunner is a service that can be installed on your premises. + +Once you initiate security tests from the Levo UI, the testrunner will: +- Pull the tests to your premises. +- Execute them internally. + +This approach ensures secure testing of internal APIs. + +--- + +## Installation + +You can install the testrunner +- [Via helm in Kubernetes environment](#install-testrunner-via-helm-on-kubernetes) +- [Via docker](#install-testrunner-via-docker) + +### Prerequisites +Before installation, ensure the following: + +1. **Levo Authorization Token**: Refer to [Generating CLI Authorization Keys](/integrations/common-tasks.md#generating-cli-authorization-keys). +2. **Organization ID**: Refer to [Accessing Organization IDs](/integrations/common-tasks.md#accessing-organization-ids). +3. 
**Helm or Docker**: Install the appropriate tool based on your chosen installation method. + +--- + +### Install Testrunner via Helm on Kubernetes + +Follow these steps to install the testrunner in a Kubernetes environment: + +1. Add Levo Helm Repository: + +```bash +helm repo add levoai https://levoai.github.io/helm-charts/ +``` + +2. Install the Testrunner Helm Chart: + + +```bash +helm install \ +--set key="auth-key" \ +--set orgId="organization id" \ +--set levoBaseUrl="https://api.levo.ai" \ +testrunner levoai/testrunner +``` + +:::info + +For apps hosted in different regions, update the `levoBaseUrl`. +For example, if the testrunner is used with `app.india-1.levo.ai`: + + +```bash +helm install \ +--set key="auth-key" \ +--set orgId="organization id" \ +--set levoBaseUrl="https://api.india-1.levo.ai" \ +testrunner levoai/testrunner +``` +::: + +

+ +### Install Testrunner via Docker + +If Docker is installed on your machine, follow these steps to start the testrunner: + +1. Download the script. +2. Make the script executable: +```bash +chmod +x levoai-testrunner.sh +``` + +3. Set the required environment variables: +```bash +export LEVOAI_AUTH_KEY='' +export LEVOAI_ORG_ID='' +``` + +4. Start the testrunner: +```bash +./levoai-testrunner.sh start +``` + +:::note + +If you are running the script with `sudo`, ensure that the environment variables are also set with `sudo`. Otherwise, the script will not have access to these variables. + +Alternatively, you can use the `-E` flag with `sudo` to preserve the user-defined environment variables, like this: +```bash +sudo -E ./levoai-testrunner.sh start +``` +This ensures the script can access the required environment variables without explicitly redefining them under sudo. + +::: + +5. Stop the testrunner: +```bash +./levoai-testrunner.sh stop +``` + +:::info + +For apps hosted in different regions, set the environment variable `LEVOAI_BASE_URL`. +```bash +export LEVOAI_BASE_URL='https://api.india-1.levo.ai' +``` + +::: + +--- + +### Need Help? +For further assistance, please reach out to [Levo.ai Support](mailto:support@levo.ai). + diff --git a/docusaurus.config.js b/docusaurus.config.js index b874e4ce4..a0dff613b 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -84,7 +84,11 @@ const config = { }, { to: '/security-testing/test-laptop', - from: ['/security-contract-testing/levo-cli/levo-cli-intro'], + from: [ + '/security-contract-testing/levo-cli/levo-cli-intro', + '/levo-cli/levo-cli-intro', + '/beta/api-observability/quickstart/quickstart-laptop' + ], }, { to: '/security-testing/test-laptop/test-mac-os', 
@@ -138,6 +142,10 @@ const config = { to: '/guides/install-guide', from: '/api-observability/install-guide', }, + { + to: '/install-traffic-capture-sensors', + from: '/beta/api-observability/install-guide/install-sensor', + }, { to: '/guides/demo-application', from: '/api-observability/quickstart/sample-app', @@ -148,7 +156,7 @@ const config = { }, { to: '/guides/key-concepts', - from: '/api-observability/concepts', + from: ['/api-observability/concepts', '/beta/api-observability/concepts'], }, { to: '/guides/api-observability', @@ -170,10 +178,49 @@ const config = { to: '/install-traffic-capture-sensors/ebpf-sensor/sensor-kubernetes', from: '/api-observability/common-tasks/sensor/sensor-mgmt', }, + { + to: '/security-testing/test-laptop/test-linux', + from: '/levo-cli/levo-cli-for-linux' + }, + { + to: '/security-testing/test-laptop/test-mac-os', + from: '/levo-cli/levo-cli-for-mac-os' + }, + { + to: '/security-testing/test-laptop/test-windows', + from: '/levo-cli/levo-cli-for-windows' + }, + { + to: '/quickstart', + from: '/beta/api-observability/quickstart' + }, + { + to: '/security-testing/catalog-tests', + from: [ + '/test-your-app/test-app-security/data-driven/execute-test-plan', + '/test-your-app/test-app-security/choices', + '/solutions/api-security-testing' + ] + }, + { + to: '/guides/security-testing/test-your-app/test-app-security/choices', + from: '/concepts/test-plans/test-plan-types' + }, + { + to: '/guides/security-testing/concepts/test-plans/fixtures/test-fixtures', + from: '/concepts/test-plans/fixtures/test-fixtures' + }, + { + to:'/vulnerabilities/v1/Miscellaneous/schema-conformance', + from: '/test-your-app/test-app-schema-conformance' + }, + { + to: '/', + from: '/how-it-works' + } ], createRedirects(existingPath) { if (existingPath.includes('/quickstart')) { - // Redirect from /docs/team/X to /community/X and /docs/support/X to /community/X return [ existingPath.replace('/quickstart', '/api-observability/quickstart'), ]; 
@@ -198,11 +245,6 @@ const config = { existingPath.replace('/install-traffic-capture-sensors/common-tasks', '/api-observability/common-tasks/sensor'), ]; } - if (existingPath.includes('/quickstart')) { - return [ - existingPath.replace('/quickstart', '/api-observability/quickstart'), - ]; - } return undefined; // Return a falsy value: no redirect created }, }, @@ -226,7 +268,8 @@ const config = { // title: 'Levo.ai', logo: { alt: 'Levo.ai Logo', - src: 'img/logo.svg', + src: 'img/logo-light.svg', + srcDark: 'img/logo-dark.svg' }, items: [ { @@ -248,7 +291,6 @@ const config = { ], }, footer: { - style: 'dark', links: [ { title: 'Levo.ai', diff --git a/static/artifacts/apiportal/main.tf b/static/artifacts/apiportal/main.tf index 9de5acb70..1fe377e12 100644 --- a/static/artifacts/apiportal/main.tf +++ b/static/artifacts/apiportal/main.tf @@ -30,12 +30,8 @@ variable "refresh_token" { description = "Enter your Refresh Token" } -variable "env_name" { - description = "Enter your Env Name" -} - -variable "app_name" { - description = "Enter your App Name" +variable "levo_org_id" { + description = "Enter your Levo ORG ID" } @@ -64,18 +60,14 @@ resource "aws_ecs_task_definition" "levoai-docs" { ], "essential": true, "environment": [ - { - "name": "APP_NAME", - "value": var.app_name - }, - { - "name": "ENV_NAME", - "value": var.env_name - }, { "name": "REFRESH_TOKEN", "value": var.refresh_token }, + { + "name": "LEVO_ORG_ID", + "value": var.levo_org_id + } { "name": "LEVO_BASE_URL", "value": "https://api.levo.ai" diff --git a/static/artifacts/log-parser/log-parser.tar.gz b/static/artifacts/log-parser/log-parser.tar.gz new file mode 100644 index 000000000..55dbe2ace Binary files /dev/null and b/static/artifacts/log-parser/log-parser.tar.gz differ diff --git a/static/artifacts/pcap-sensor/config.yaml b/static/artifacts/pcap-sensor/config.yaml new file mode 100644 index 000000000..b2b983dc0 --- /dev/null +++ b/static/artifacts/pcap-sensor/config.yaml 
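Review bot: In static/artifacts/apiportal/main.tf (hunk `@@ -64,18 +60,14 @@`), the added `LEVO_ORG_ID` entry closes with `}` and no comma before the `LEVO_BASE_URL` entry that follows, so as far as the hunk shows the `environment` list no longer parses and `terraform plan` would fail. The closing line of the new entry should be `},`. Separately, `REFRESH_TOKEN` is still passed as a plain `environment` value, which is readable by anyone who can describe the task definition; the container-level `secrets` list with a `valueFrom` reference to Secrets Manager or SSM, plus `sensitive = true` on `variable "refresh_token"`, would keep it out of the definition and the plan output. The resource body starts and ends outside the hunk.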
@@ -0,0 +1,25 @@
+##############################################################################################
+# PCAP Sensor Configuration Settings (YAML Format)
+# Copyright: Levo Inc., @COPYRIGHT_YEAR@
+##############################################################################################
+
+name: "Levoai Sensor"
+display-name: "Levoai Sensor Service"
+description: "Service for running the Levoai Sensor"
+log-file-path: "levoai-service.log"
+exec: "levoai-sensor.exe"
+args: ["apidump"]
+
+
+satellite-url: http://collector.levo.ai
+levo-env: staging
+levoai-org-id: ""
+rate-limit: 100
+trace-export-interval: 1
+filter: ""
+path-allow: []
+host-allow: []
+path-exclusions: []
+host-exclusions: []
+max-http-length: 1000000
+stream-timeout-seconds: 2
\ No newline at end of file
diff --git a/static/artifacts/pcap-sensor/low_resource.json b/static/artifacts/pcap-sensor/low_resource.json
new file mode 100644
index 000000000..a2f8ef72b
--- /dev/null
+++ b/static/artifacts/pcap-sensor/low_resource.json
@@ -0,0 +1,44 @@
+{
+ "name": "levo-pcap-sensor",
+ "image": "levoai/pcap-sensor:0.1.9",
+ "cpu": 256,
+ "memory": 200,
+ "portMappings": [],
+ "essential": false,
+ "entryPoint": [
+ "./bin/init",
+ "apidump",
+ "--satellite-url",
+ "< INSERT SATELLITE URL (http(s)://hostname|IP:port) >",
+ "--levo-env",
+ "",
+ "--levoai-org-id",
+ "< INSERT LEVO ORG ID >",
+ "--rate-limit",
+ "100",
+ "--trace-export-interval",
+ "1.0",
+ "--stream-timeout-seconds",
+ "2.0",
+ "--max-http-length",
+ "1000000"
+
+ ],
+ "environment": [
+ {
+ "name": "LEVO_AWS_REGION",
+ "value": "< INSERT AWS REGION (us-west-2) >"
+ }
+ ],
+ "mountPoints": [],
+ "volumesFrom": [],
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group": "< INSERT LOGS IDENTIFIER (/ecs/your-application-pcap) >",
+ "awslogs-create-group": "true",
+ "awslogs-region": "< INSERT AWS REGION (us-west-2) >",
+ "awslogs-stream-prefix": "ecs-pcap"
+ }
+ }
+}
\ No newline at end of file
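Review bot: In static/artifacts/pcap-sensor/config.yaml the shipped default `satellite-url: http://collector.levo.ai` sends captured API traces to the collector over plaintext HTTP. If the collector accepts TLS (not verifiable from this diff), the default should be `satellite-url: "https://collector.levo.ai"`, quoted like the other string values in the file. `max-http-length` and `stream-timeout-seconds` are new keys with no explanation; a one-line comment above each stating the unit (presumably bytes and seconds) would help anyone tuning this low-resource profile.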
diff --git a/static/artifacts/pcap-sensor/low_resource_values.yaml b/static/artifacts/pcap-sensor/low_resource_values.yaml
new file mode 100644
index 000000000..f8cee5399
--- /dev/null
+++ b/static/artifacts/pcap-sensor/low_resource_values.yaml
@@ -0,0 +1,29 @@
+---
+sensor:
+ imageRepo: docker.io/levoai/pcap-sensor
+ imageTag: latest
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+ nodeSelector: {}
+ containerResources:
+ requests:
+ cpu: 0.1
+ memory: 150Mi
+ limits:
+ cpu: 0.25
+ memory: 200Mi
+ config:
+ satelliteUrl: "http://levoai-satellite:9999"
+ levoEnv: "staging"
+ traceExportInterval: "1.0"
+ rateLimit: "100.0"
+ maxHttpLength: "1000000"
+ streamTimeoutSeconds: "2"
+ levoaiOrgId: ""
+ filter: ""
+ hostAllow: ""
+ pathAllow: ""
+ hostExclusions: ""
+ pathExclusions: ""
diff --git a/static/artifacts/pcap-sensor/main.tf b/static/artifacts/pcap-sensor/main.tf
new file mode 100644
index 000000000..036de1b03
--- /dev/null
+++ b/static/artifacts/pcap-sensor/main.tf
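Review bot: `imageTag: latest` in static/artifacts/pcap-sensor/low_resource_values.yaml makes the deployed sensor depend on whatever the registry serves at pull time, so a container that captures network traffic can change without any change to this file. Pin it to a released version, for example `imageTag: "0.1.9"` to match the tag the other pcap-sensor artifacts in this commit use, or to an image digest, and bump it deliberately. The toleration for `node-role.kubernetes.io/control-plane` also lets the sensor schedule onto control-plane nodes; a comment above `tolerations:` stating why that is wanted would help whoever adapts these values.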
@@ -0,0 +1,170 @@ +variable "aws_region" { + description = "AWS region where resources will be deployed" + type = string +} + +variable "aws_log_group" { + description = "AWS log group name" + type = string +} + +variable "task_definition_name" { + description = "Name of the ECS Task Definition to modify" + type = string +} + +variable "image_name" { + description = "Levo.ai pcap sensor image name" + type = string + default = "levoai/pcap-sensor:0.1.9" +} + +variable "satellite_url" { + description = "Enter your Satellite's Address" + type = string +} + +variable "levo_env" { + description = "Enter your Application environment" + type = string +} + +variable "org_id" { + description = "Specify your Organization ID (from the Levo Dashboard)" + type = string +} + +variable "rate_limit" { + description = "Specify the rate-limit" + type = string + default = "50.0" +} + +variable "trace_export_interval" { + description = "Specify the export interval for traces" + type = string + default = "1.0" +} + +variable "stream_timeout_seconds" { + description = "Specify the stream timeout seconds for rearranging out of order packets" + type = string + default = "1.0" +} + +variable "cpu_percentage_limit" { + description = "Percentage of CPU allocated to the sensor container out of total task cpu" + type = string + default = "5" +} + +variable "memory_percentage_limit" { + description = "Percentage of memory allocated to the sensor container out of total task memory" + type = string + default = "5" +} + +provider "aws" { + region = var.aws_region +} + +resource "aws_ecs_task_definition" "modified_task_definition" { + family = local.task_def_json.taskDefinition.family + network_mode = local.task_def_json.taskDefinition.networkMode + requires_compatibilities = local.task_def_json.taskDefinition.requiresCompatibilities + execution_role_arn = local.task_def_json.taskDefinition.executionRoleArn + cpu = local.task_def_json.taskDefinition.cpu + memory = 
local.task_def_json.taskDefinition.memory + container_definitions = jsonencode(local.updated_container_definitions) + + # Add volumes if they exist in the old task definition + dynamic "volume" { + for_each = local.task_def_json.taskDefinition.volumes + content { + name = volume.value.name + host_path = volume.value.hostPath + } + } +} + +resource "null_resource" "fetch_task_definition" { + provisioner "local-exec" { + command = < "${path.module}/task_definition.json" + EOT + } +} + +data "local_file" "task_definition" { + filename = "${path.module}/task_definition.json" + depends_on = ["null_resource.fetch_task_definition"] +} + +output "container_definitions" { + value = local.updated_container_definitions +} + + +locals { + # Decode the entire task definition JSON + task_def_json = jsondecode(data.local_file.task_definition.content) + + # Extract the CPU and memory at the task level + task_cpu = tonumber(local.task_def_json.taskDefinition.cpu) + task_memory = tonumber(local.task_def_json.taskDefinition.memory) + + existing_container_definitions = local.task_def_json.taskDefinition.containerDefinitions + + # Calculate 5% of the task CPU and memory + new_container_cpu_limit = floor(local.task_cpu * var.cpu_percentage_limit / 100) + new_container_memory_limit = floor(local.task_memory * var.memory_percentage_limit / 100) + + # Add the new container definition + new_container_definitions = [{ + "name": "levo-pcap-sensor", + "image": var.image_name, + "cpu": local.new_container_cpu_limit, + "memory": local.new_container_memory_limit, + "portMappings": [], + "essential": false, + "entryPoint": [ + "./bin/init", + "apidump", + "--satellite-url", + var.satellite_url, + "--levo-env", + var.levo_env, + "--levoai-org-id", + var.org_id, + "--rate-limit", + var.rate_limit, + "--trace-export-interval", + var.trace_export_interval, + "--stream-timeout-seconds", + var.stream_timeout_seconds + ], + "environment": [ + { + "name": "LEVO_AWS_REGION", + "value": var.aws_region + } + 
], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": var.aws_log_group, + "awslogs-create-group": "true", + "awslogs-region": var.aws_region, + "awslogs-stream-prefix": "ecs-pcap" + } + } + }] + + updated_container_definitions = concat([ + for existing_container in local.existing_container_definitions : + existing_container + if length([for new_container in local.new_container_definitions : new_container if new_container.name == existing_container.name]) == 0 + ], local.new_container_definitions) +} diff --git a/static/artifacts/satellite/docker-compose.yml b/static/artifacts/satellite/docker-compose.yml index 702823136..2228cc3d3 100644 --- a/static/artifacts/satellite/docker-compose.yml +++ b/static/artifacts/satellite/docker-compose.yml @@ -1,4 +1,3 @@ -version: "3.9" services: levoai-rabbitmq: image: 'rabbitmq:3.12.8-management' @@ -18,6 +17,7 @@ services: RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD:-levoailevoai} # send logs to stdout, ref: https://www.rabbitmq.com/logging.html#log-file-location RABBITMQ_LOGS: '-' + RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: "-rabbit consumer_timeout 600000" command: > bash -c "mkdir -p /opt/rabbitmq/resources && openssl req -x509 -nodes -newkey rsa:4096 -subj "/C=IN/ST=Telangana/L=Hyderabad/O=Levo.ai/OU=Security/CN=localhost:5671" -keyout /opt/rabbitmq/resources/ca.key -out /opt/rabbitmq/resources/ca.crt -days 365000 && 
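Review bot: `aws_ecs_task_definition.modified_task_definition` in static/artifacts/pcap-sensor/main.tf copies `executionRoleArn` from the fetched definition but not `taskRoleArn`, so if the original task has a task role the new revision is registered without it and the application containers lose their IAM permissions once a service moves to that revision. Add `task_role_arn = try(local.task_def_json.taskDefinition.taskRoleArn, null)` next to `execution_role_arn`. The `container_definitions` output and the `task_definition.json` file written under `path.module` both carry the existing containers' environment blocks, which may hold credentials; `sensitive = true` on the output and a comment telling the operator to delete or git-ignore the JSON file would limit that exposure. `depends_on = ["null_resource.fetch_task_definition"]` should use the unquoted reference `[null_resource.fetch_task_definition]`.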
@@ -25,8 +25,12 @@ services: openssl x509 -req -in /opt/rabbitmq/resources/server.csr -CA /opt/rabbitmq/resources/ca.crt -CAkey /opt/rabbitmq/resources/ca.key -CAcreateserial -out /opt/rabbitmq/resources/server.crt -days 365000 && chmod -R 755 /opt/rabbitmq/resources && echo ' + heartbeat = 600 listeners.tcp.1 = 0.0.0.0:5672 listeners.ssl.default = 5671 + tcp_listen_options.keepalive = true + tcp_listen_options.nodelay = true + tcp_listen_options.send_timeout = 120000 ssl_options.cacertfile = /opt/rabbitmq/resources/ca.crt ssl_options.certfile = /opt/rabbitmq/resources/server.crt ssl_options.keyfile = /opt/rabbitmq/resources/server.key @@ -171,3 +175,21 @@ services: "org-prefix": "${LEVOAI_ORG_PREFIX:-}" } } + + levoai-haproxy: + image: "levoai/haproxy:${LEVOAI_HAPROXY_VERSION:-latest}" + container_name: levoai-haproxy + restart: always + depends_on: + - levoai-collector + - levoai-satellite + ports: + - '80:8080' + environment: + LEVOAI_SATELLITE_AUTHN_ENABLED: ${LEVOAI_SATELLITE_AUTHN_ENABLED:-false} + LEVOAI_CONF_OVERRIDES: > + { + "onprem-api": { + "org-id": "${LEVOAI_ORG_ID:-}", + } + } diff --git a/static/artifacts/satellite/get_levoai_satellite_logs.sh b/static/artifacts/satellite/get_levoai_satellite_logs.sh new file mode 100755 index 000000000..1ed0525ae --- /dev/null +++ b/static/artifacts/satellite/get_levoai_satellite_logs.sh 
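Review bot: The new `levoai-haproxy` service publishes host port 80 on every interface (`'80:8080'`) while `LEVOAI_SATELLITE_AUTHN_ENABLED` falls back to `false`, so a default install presumably exposes the satellite/collector front end over plain HTTP without caller authentication. What the flag enforces is not visible in this hunk, so confirm it, and either default it to `true` or document that the port must be restricted to the sensor network. The `LEVOAI_CONF_OVERRIDES` value ends its only member with a trailing comma, which a strict JSON parser rejects; write `"org-id": "${LEVOAI_ORG_ID:-}"` without the comma. The image tag also falls back to `latest`, so a changed upstream image is picked up on the next pull; pin a version the way `rabbitmq:3.12.8-management` is pinned in the same file.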
@@ -0,0 +1,52 @@ +#!/usr/bin/env bash + +# Check if kubectl is installed +if ! command -v kubectl &> /dev/null; then + echo "Error: kubectl is not installed or not found in your PATH. Please install kubectl and try again." + exit 1 +fi + +# Validate if there is an active Kubernetes context +CURRENT_CONTEXT=$(kubectl config current-context 2>/dev/null) + +if [ -z "$CURRENT_CONTEXT" ]; then + echo "Warning: No active Kubernetes context found. Please configure your kubeconfig and try again." + exit 1 +fi + +echo "Active Kubernetes context: $CURRENT_CONTEXT" + +# Set the namespace (default to "levoai" if not provided as an argument) +NAMESPACE=${1:-levoai} + +echo "Checking for pods in $NAMESPACE namespace.." + +# Check if the namespace exists and has pods +PODS=$(kubectl get pods -n "$NAMESPACE" --no-headers -o custom-columns=":metadata.name") + +if [ -z "$PODS" ]; then + echo "Warning: No pods found in namespace '$NAMESPACE' in the current context." + exit 1 +fi + +# Create a temporary directory to store logs +TEMP_DIR=$(mktemp -d) +echo "Temporary directory created: $TEMP_DIR" + +# Loop through each pod and save its logs into separate files +for POD in $PODS; do + LOG_FILE="$TEMP_DIR/${POD}.log" + echo "Collecting logs for pod: $POD" + kubectl logs "$POD" -n "$NAMESPACE" > "$LOG_FILE" 2>&1 +done + +# Create archive of current directory +TAR_FILE="/tmp/levoai_satellite_logs_$(date +%Y_%m_%d_%H_%M_%S).tar.gz" +tar -czf "$TAR_FILE" -C "$TEMP_DIR" . + +echo "Logs have been collected and archived at $TAR_FILE" + +# Clean up temporary directory +rm -rf "$TEMP_DIR" + + diff --git a/static/artifacts/satellite/levo_satellite.sh b/static/artifacts/satellite/levo_satellite.sh index 4d7b7bc7b..90e969e21 100755 --- a/static/artifacts/satellite/levo_satellite.sh +++ b/static/artifacts/satellite/levo_satellite.sh 
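Review bot: The archive is written to a predictable, timestamp-named path under `/tmp` with the caller's default umask, so on a shared host the collected pod logs are readable by other local users (and those logs can carry request data or credentials, depending on what the pods print). Add `umask 077` before `TEMP_DIR=$(mktemp -d)`, and create the archive with `mktemp` or in a directory only the caller can write to. The script has no `set -euo pipefail` and no `trap 'rm -rf "$TEMP_DIR"' EXIT`, so a failed `tar` still prints the success message and an interrupted run leaves the raw logs behind. The `get-logs` function added to `levo_satellite.sh` in this commit uses the same `/tmp` archive pattern and needs the same change.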
@@ -6,14 +6,14 @@ # ./levo_satellite.sh stop # ./levo_satellite.sh restart # ./levo_satellite.sh upgrade +# ./levo_satellite.sh get-logs ############################################ set -Eexuo pipefail DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" echo "DIR: $DIR" -if [ -r "$DIR"/.levoenv ] -then +if [ -r "$DIR"/.levoenv ]; then echo "Loading environment variables from $DIR/.levoenv" # export these env variables so that docker compose can pick them export $(grep -v '^#' "$DIR"/.levoenv | xargs) 
@@ -21,70 +21,112 @@ fi set_resource_limits() { # Get the number of cores on the machine. This should work for both Linux and Mac. - cpu_cores=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || sysctl -n hw.ncpu) - - # One CPU unit is 1/30th of total cores. - cpu_unit=$(echo "scale=2; $cpu_cores / 30" | bc) - echo "CPU cores: $cpu_cores, CPU unit: $cpu_unit" - - export LEVOAI_RABBITMQ_CPU_LIMIT=$(bc <<< "$cpu_unit * 10") - export LEVOAI_SATELLITE_CPU_LIMIT=$(bc <<< "$cpu_unit * 6") - export LEVOAI_TAGGER_CPU_LIMIT=$(bc <<< "$cpu_unit * 15") - export LEVOAI_COLLECTOR_CPU_LIMIT=$(bc <<< "$cpu_unit * 6") - - # Get the total memory on the machine. This should work for both Linux and Mac. - total_memory=$(grep MemTotal /proc/meminfo 2>/dev/null | awk '{print $2}' || sysctl -n hw.memsize) - memory_mult=$(echo "scale=2; $total_memory / 1024 / 256 / 20" | bc) - - # mac memsize is in bytes, so divide by 1024 to get to MB - if [[ "$OSTYPE" == "darwin"* ]]; then - memory_mult=$(echo "scale=2; $memory_mult / 1024" | bc) - fi - memory_unit=$(bc <<< "$memory_mult * 256") - echo "Total memory: $total_memory, memory unit: $memory_unit" - - export LEVOAI_RABBITMQ_MEM_LIMIT=$(bc <<< "$memory_unit * 4")m - export LEVOAI_SATELLITE_MEM_LIMIT=$(bc <<< "$memory_unit * 2")m - export LEVOAI_TAGGER_MEM_LIMIT=$(bc <<< "$memory_unit * 8")m - export LEVOAI_COLLECTOR_MEM_LIMIT=$(bc <<< "$memory_unit * 4")m + cpu_cores=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || sysctl -n hw.ncpu) + + # One CPU unit is 1/30th of total cores. + cpu_unit=$(echo "scale=2; $cpu_cores / 30" | bc) + echo "CPU cores: $cpu_cores, CPU unit: $cpu_unit" + + export LEVOAI_RABBITMQ_CPU_LIMIT=$(bc <<< "$cpu_unit * 10") + export LEVOAI_SATELLITE_CPU_LIMIT=$(bc <<< "$cpu_unit * 6") + export LEVOAI_TAGGER_CPU_LIMIT=$(bc <<< "$cpu_unit * 15") + export LEVOAI_COLLECTOR_CPU_LIMIT=$(bc <<< "$cpu_unit * 6") + + # Get the total memory on the machine. This should work for both Linux and Mac. 
+ total_memory=$(grep MemTotal /proc/meminfo 2>/dev/null | awk '{print $2}' || sysctl -n hw.memsize) + memory_mult=$(echo "scale=2; $total_memory / 1024 / 256 / 20" | bc) + + # mac memsize is in bytes, so divide by 1024 to get to MB + if [[ "$OSTYPE" == "darwin"* ]]; then + memory_mult=$(echo "scale=2; $memory_mult / 1024" | bc) + fi + memory_unit=$(bc <<< "$memory_mult * 256") + echo "Total memory: $total_memory, memory unit: $memory_unit" + + export LEVOAI_RABBITMQ_MEM_LIMIT=$(bc <<< "$memory_unit * 4")m + export LEVOAI_SATELLITE_MEM_LIMIT=$(bc <<< "$memory_unit * 2")m + export LEVOAI_TAGGER_MEM_LIMIT=$(bc <<< "$memory_unit * 8")m + export LEVOAI_COLLECTOR_MEM_LIMIT=$(bc <<< "$memory_unit * 4")m } start() { - echo "Starting Levo Satellite..." - if [ ! -e "$DIR"/docker-compose.yml ] - then - echo "Downloading Levo Satellite docker compose file." - curl https://docs.levo.ai/artifacts/satellite/docker-compose.yml -o "$DIR"/docker-compose.yml - fi - - export LEVOAI_AUTH_KEY=$LEVOAI_AUTH_KEY - - set_resource_limits - docker compose -f "$DIR"/docker-compose.yml up -d - echo "Levo Satellite started Successfully!!!" + echo "Starting Levo Satellite..." + if [ ! -e "$DIR"/docker-compose.yml ]; then + echo "Downloading Levo Satellite docker compose file." + curl https://docs.levo.ai/artifacts/satellite/docker-compose.yml -o "$DIR"/docker-compose.yml + fi + + set_resource_limits + docker compose -f "$DIR"/docker-compose.yml up -d + echo "Levo Satellite started Successfully!!!" } stop() { - echo "Stopping Levo Satellite..." - docker compose -f "$DIR"/docker-compose.yml stop - echo "Levo Satellite stopped Successfully!!!" + echo "Stopping Levo Satellite..." + docker compose -f "$DIR"/docker-compose.yml stop + echo "Levo Satellite stopped Successfully!!!" } restart() { - echo "Restarting Levo Satellite..." - stop - start - echo "Levo Satellite restarted Successfully!!!" + echo "Restarting Levo Satellite..." + stop + start + echo "Levo Satellite restarted Successfully!!!" 
} upgrade() { - echo "Upgrading Levo Satellite..." - curl https://docs.levo.ai/artifacts/satellite/docker-compose.yml -o "$DIR"/docker-compose.yml - docker compose -f "$DIR"/docker-compose.yml down -v --remove-orphans - set_resource_limits - docker compose -f "$DIR"/docker-compose.yml pull - docker compose -f "$DIR"/docker-compose.yml up -d --force-recreate - echo "Levo Satellite upgraded Successfully!!!" + echo "Upgrading Levo Satellite..." + curl https://docs.levo.ai/artifacts/satellite/docker-compose.yml -o "$DIR"/docker-compose.yml + docker compose -f "$DIR"/docker-compose.yml down -v --remove-orphans + set_resource_limits + docker compose -f "$DIR"/docker-compose.yml pull + docker compose -f "$DIR"/docker-compose.yml up -d --force-recreate + echo "Levo Satellite upgraded Successfully!!!" +} + +get-logs() { + echo "Collecting Docker Logs" + # Check if docker is installed + if ! command -v docker &> /dev/null; then + echo "Error: docker is not installed or not found in your PATH. Please install docker-compose and try again." + exit 1 + fi + + # Check if docker is running + if ! docker info >/dev/null 2>&1; then + echo "Error: Docker daemon is not running. Please start Docker and try again." + exit 1 + fi + + echo "Collecting Docker logs..." + + # Create a temporary directory to store logs + TEMP_DIR=$(mktemp -d) + echo "Temporary directory created: $TEMP_DIR" + + # Get all levoai service names from docker + SERVICES=$(docker ps -f name=levoai --format '{{.Names}}') + + if [ -z "$SERVICES" ]; then + echo "Warning: No running services found in docker-compose setup." + exit 1 + fi + + # Loop through each service and save its logs into separate files + for SERVICE in $SERVICES; do + LOG_FILE="$TEMP_DIR/${SERVICE}.log" + echo "Collecting logs for container: $SERVICE" + docker logs "$SERVICE" > "$LOG_FILE" 2>&1 + done + + # Create archive of logs + TAR_FILE="/tmp/docker_compose_logs_$(date +%Y_%m_%d_%H_%M_%S).tar.gz" + tar -czf "$TAR_FILE" -C "$TEMP_DIR" . 
+ + echo "Logs have been collected and archived at $TAR_FILE" + + # Clean up temporary directory + rm -rf "$TEMP_DIR" } "$@" diff --git a/static/artifacts/satellite/proxy-docker-compose.yml b/static/artifacts/satellite/proxy-docker-compose.yml index 179ba05f3..3c6e0f902 100644 --- a/static/artifacts/satellite/proxy-docker-compose.yml +++ b/static/artifacts/satellite/proxy-docker-compose.yml @@ -11,6 +11,7 @@ services: retries: 10 ports: - '5672:5672' + - '5671:5671' - '15672:15672' environment: RABBITMQ_DEFAULT_USER: ${RABBITMQ_USERNAME:-levoai} @@ -18,6 +19,21 @@ services: # send logs to stdout, ref: https://www.rabbitmq.com/logging.html#log-file-location RABBITMQ_LOGS: '-' user: rabbitmq + command: > + bash -c "mkdir -p /opt/rabbitmq/resources && + openssl req -x509 -nodes -newkey rsa:4096 -subj "/C=IN/ST=Telangana/L=Hyderabad/O=Levo.ai/OU=Security/CN=localhost:5671" -keyout /opt/rabbitmq/resources/ca.key -out /opt/rabbitmq/resources/ca.crt -days 365000 && + openssl req -nodes -new -newkey rsa:4096 -subj "/C=IN/ST=Telangana/L=Hyderabad/O=Levo.ai/OU=Security/CN=localhost:5671" -keyout /opt/rabbitmq/resources/server.key -out /opt/rabbitmq/resources/server.csr -days 365000 && + openssl x509 -req -in /opt/rabbitmq/resources/server.csr -CA /opt/rabbitmq/resources/ca.crt -CAkey /opt/rabbitmq/resources/ca.key -CAcreateserial -out /opt/rabbitmq/resources/server.crt -days 365000 && + chmod -R 755 /opt/rabbitmq/resources && + echo ' + listeners.tcp.1 = 0.0.0.0:5672 + listeners.ssl.default = 5671 + ssl_options.cacertfile = /opt/rabbitmq/resources/ca.crt + ssl_options.certfile = /opt/rabbitmq/resources/server.crt + ssl_options.keyfile = /opt/rabbitmq/resources/server.key + ssl_options.verify = verify_none + ' > /etc/rabbitmq/rabbitmq.conf && + /usr/local/bin/docker-entrypoint.sh rabbitmq-server" mem_reservation: 512m cpus: 0.5 
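Review bot: `start` and `upgrade` fetch `docker-compose.yml` with a bare `curl ... -o`, so an HTTP error body or a truncated download is saved as the compose file and handed to `docker compose`; in `upgrade` the live file is overwritten right before `down -v --remove-orphans` removes the existing volumes. Download with `curl -fsSL --proto '=https' ... -o "$DIR"/docker-compose.yml.new` and move it into place only on success, verifying a checksum if the project publishes one. In `get-logs`, `mktemp -d` runs before the empty-`$SERVICES` check, so the `exit 1` path leaves the temporary directory behind; a `trap 'rm -rf "$TEMP_DIR"' EXIT` directly after the `mktemp` covers it. The docker-missing error text also tells the user to install docker-compose rather than docker.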
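Review bot: `chmod -R 755 /opt/rabbitmq/resources` leaves `ca.key` and `server.key` readable by every user in the container, and the CA private key stays on disk although it is only needed once, to sign `server.crt`. The service already runs as `user: rabbitmq`, so the broker owns the files; use `chmod 700 /opt/rabbitmq/resources && chmod 600 /opt/rabbitmq/resources/*.key` and delete `ca.key` after signing. Because the command generates a fresh throwaway CA each time it runs, clients have nothing stable to verify against, so the 5671 listener gives encryption without server authentication, and the plaintext `listeners.tcp.1 = 0.0.0.0:5672` is still published next to it. The `-subj "..."` arguments sit inside the outer `bash -c "..."` double quotes, which only works because the subject string contains no spaces.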
@@ -29,15 +45,13 @@ services: - '9999:9999' command: - "-w" - - "4" + - "1" - "-b" - "0.0.0.0:9999" - - "--worker-tmp-dir" - - "/dev/shm" - "--worker-class" - - "gevent" + - "uvicorn.workers.UvicornWorker" - "--worker-connections" - - "500" + - "1000" - "levoai_e7s.satellite.satellite:create_server()" environment: LEVOAI_DEBUG_ENABLED: ${LEVOAI_SATELLITE_DEBUG_ENABLED:-false} diff --git a/static/artifacts/sensor/check-compatibility.sh b/static/artifacts/sensor/check-compatibility.sh index e3cb0a6b0..3c92070a1 100644 --- a/static/artifacts/sensor/check-compatibility.sh +++ b/static/artifacts/sensor/check-compatibility.sh @@ -49,6 +49,8 @@ available_btf_kernels=( "4.14.336-257.568.amzn2.x86_64" "4.14.343-259.562.amzn2.x86_64" "4.14.343-260.564.amzn2.x86_64" + "4.14.345-262.561.amzn2.x86_64" + "4.14.348-265.562.amzn2.x86_64" "4.15.0-1054-aws" "4.15.0-1084-fips" "4.18.0-477.27.1.el8_8.x86_64" diff --git a/static/artifacts/sensor/config-values.yml b/static/artifacts/sensor/config-values.yml index abc704e61..684cb55f2 100644 --- a/static/artifacts/sensor/config-values.yml +++ b/static/artifacts/sensor/config-values.yml @@ -41,14 +41,9 @@ sensor: # Satellite Settings: # -------------------------------------------------------------------------------------------- - # Levo Organization ID. This must be specified when the collector is hosted by Levo. - # organization-id: "" - # Use HTTP/2 (gRPC) for communication with the collector. If this is disabled, HTTP/1.1 will be used. collector-grpc-transport: true - # URL for the satellite receiving the Sensor's API traces and metrics. - satellite-url: levoai-haproxy # -------------------------------------------------------------------------------------------- # -------------------------------------------------------------------------------------------- diff --git a/static/artifacts/sensor/config.yml b/static/artifacts/sensor/config.yml index 049d05c3c..164b5b66b 100644 --- a/static/artifacts/sensor/config.yml 
+++ b/static/artifacts/sensor/config.yml @@ -36,14 +36,9 @@ default-service-name: default # Satellite Settings: # -------------------------------------------------------------------------------------------- -# Levo Organization ID. This must be specified when the collector is hosted by Levo. -# organization-id: "" - # Use HTTP/2 (gRPC) for communication with the collector. If this is disabled, HTTP/1.1 will be used. collector-grpc-transport: true -# URL for the satellite receiving the Sensor's API traces and metrics. -satellite-url: https://collector.levo.ai # -------------------------------------------------------------------------------------------- # -------------------------------------------------------------------------------------------- diff --git a/static/artifacts/sensor/main.tf b/static/artifacts/sensor/main.tf index ac6d6b128..139fd651f 100644 --- a/static/artifacts/sensor/main.tf +++ b/static/artifacts/sensor/main.tf @@ -10,6 +10,10 @@ variable "levo_env" { description = "Enter your Application environment" } +variable "org_id" { + description = "Specify your Organization ID (from the Levo Dashboard)" +} + resource "aws_ecs_task_definition" "levoai-sensor" { family = "levoai-ebpf-sensor" network_mode = "awsvpc" @@ -37,7 +41,9 @@ resource "aws_ecs_task_definition" "levoai-sensor" { "--satellite-url", var.satellite_url, "--levo-env", - var.levo_env + var.levo_env, + "--organization-id", + var.org_id ], "environment": [], "mountPoints": [ diff --git a/static/artifacts/testrunner/levoai-testrunner.sh b/static/artifacts/testrunner/levoai-testrunner.sh new file mode 100755 index 000000000..0611140b6 --- /dev/null +++ b/static/artifacts/testrunner/levoai-testrunner.sh 
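Review bot: `variable "org_id"` in the first `main.tf` hunk is declared with only a description, so an empty or mistyped value goes straight into `--organization-id` and, as far as this diff shows, is only caught when the sensor starts. Add `type = string` and a `validation` block whose condition is `length(var.org_id) > 0`, with an error message pointing at the Levo Dashboard as the description does. The `aws_ecs_task_definition` resource edited by the second hunk starts and ends outside it.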
@@ -0,0 +1,124 @@ +#!/usr/bin/env bash + +CONTAINER_NAME="levoai-testrunner" +IMAGE_NAME="levoai/levo:stable" +DEFAULT_LEVOAI_BASE_URL="https://api.levo.ai" + +# Function to display usage information +show_usage() { + echo "Usage: $0 [start|stop]" + echo "" + echo "Arguments:" + echo " start Start the $CONTAINER_NAME." + echo " stop Stop the $CONTAINER_NAME if running." + echo " --help, -h Display this help message." + echo "" +} + +# Function to display the usage of the `start` option +show_start_usage() { + echo "Usage: $0 start" + echo "" + echo "Starts the $CONTAINER_NAME with the provided environment variables." + echo "Ensure the following environment variables are set:" + echo " LEVOAI_AUTH_KEY Your Levo authentication key." + echo " LEVOAI_ORG_ID Your Levo organization ID." + echo " LEVOAI_BASE_URL (Optional) Levo Base URL. Default is '${DEFAULT_LEVOAI_BASE_URL}'." + echo "" + echo "Example:" + echo " export LEVOAI_AUTH_KEY='your-auth-key'" + echo " export LEVOAI_ORG_ID='your-org-id'" + echo " $0 start" +} + +# Function to determine the host's Docker internal IP +get_docker_internal_ip() { + if command -v ip > /dev/null; then + ip route | awk '/docker0/ { print $9 }' + else + # Fallback for systems without the `ip` command + echo "127.0.0.1" + fi +} + +# Function to check if an environment variable is set +check_env_var() { + local var_name="$1" + local var_value="${!var_name}" + if [[ -z "$var_value" ]]; then + echo "Error: Environment variable $var_name is not set." + echo "Try setting the $var_name using the following command:" + echo "export $var_name='value'" + exit 1 + fi +} + +# Function to start the container +start_container() { + # Check for required environment variables + check_env_var "LEVOAI_AUTH_KEY" + check_env_var "LEVOAI_ORG_ID" + + local base_url="${LEVOAI_BASE_URL:-$DEFAULT_LEVOAI_BASE_URL}" + echo "LEVOAI_BASE_URL: $base_url" + + echo "Starting the $CONTAINER_NAME..." 
+ mkdir -p $HOME/.config/configstore + + docker run --restart always -d \ + --name $CONTAINER_NAME \ + --add-host=host.docker.internal:$(get_docker_internal_ip) \ + --mount type=bind,source=$HOME/.config/configstore,target=/home/levo/.config/configstore \ + -v $HOME/.aws:/home/levo/.aws \ + -v $PWD:/home/levo/work:rw \ + -e LOCAL_USER_ID=$(id -u) \ + -e LOCAL_GROUP_ID=$(id -g) \ + -e LEVO_BASE_URL="${base_url}" \ + -e LEVOAI_ORG_ID="${LEVOAI_ORG_ID}" \ + -e TERM=xterm-256color \ + -ti $IMAGE_NAME start --key "${LEVOAI_AUTH_KEY}" --organization "${LEVOAI_ORG_ID}" + + if [[ $? -eq 0 ]]; then + echo "'$CONTAINER_NAME' started successfully!" + echo "You can view logs using the following command:" + echo " docker logs -f $CONTAINER_NAME" + else + echo "Failed to start the $CONTAINER_NAME." + fi +} + +# Function to stop the container +stop_container() { + if docker ps --filter "name=$CONTAINER_NAME" --format "{{.Names}}" | grep -q "$CONTAINER_NAME"; then + echo "Stopping the $CONTAINER_NAME..." + docker stop $CONTAINER_NAME > /dev/null + echo "Removing the $CONTAINER_NAME..." + docker rm $CONTAINER_NAME > /dev/null + echo "$CONTAINER_NAME has been stopped and removed." + else + echo "No running container found with name $CONTAINER_NAME." + fi +} + +# Main script logic +case "$1" in + start) + if [[ "$2" == "--help" || "$2" == "-h" ]]; then + show_start_usage + else + start_container + fi + ;; + stop) + stop_container + ;; + --help|-h) + show_usage + ;; + *) + echo "Invalid argument: $1" + show_usage + exit 1 + ;; +esac + diff --git a/static/img/logo-dark.svg b/static/img/logo-dark.svg new file mode 100644 index 000000000..671c8a28d --- /dev/null +++ b/static/img/logo-dark.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/static/img/logo.svg b/static/img/logo-light.svg similarity index 100% rename from static/img/logo.svg rename to static/img/logo-light.svg 
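Review bot: `start_container` passes the API key as `--key "${LEVOAI_AUTH_KEY}"` on the `docker run` command line, so it is visible in the host process list while the command runs and is stored in the container's configuration (`docker inspect` shows the arguments), where `--restart always` keeps it for the life of the container. If the image can read the key from a mounted file with restrictive permissions, prefer that; whether it can is not visible here. The host's `~/.aws` directory is bind-mounted read-write, and `-v "$HOME/.aws:/home/levo/.aws:ro"` would limit what the container can do to the cloud credentials. `$HOME`, `$PWD` and `$CONTAINER_NAME` are unquoted, and `get_docker_internal_ip` prints nothing when no `docker0` route exists, which leaves `--add-host=host.docker.internal:` without an address; quote the expansions and fall back to `host-gateway`.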
diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/cookie-poisoning.md b/vulnerabilities_versioned_docs/version-v1/Baseline/cookie-poisoning.md index d58c600b8..717b9c7aa 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/cookie-poisoning.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/cookie-poisoning.md @@ -1,3 +1,7 @@ +--- +title: "Prevent Session Hijacking: Stop Cookie Poisoning Attacks" +--- + # Cookie Poisoning Via Query/Body Parameters ![Cookie Poisoning](../assets/baseline/baseline-vuln.svg) diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/cross-domain-misconfiguration-passive.md b/vulnerabilities_versioned_docs/version-v1/Baseline/cross-domain-misconfiguration-passive.md index 1230ccd28..7fa0a7918 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/cross-domain-misconfiguration-passive.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/cross-domain-misconfiguration-passive.md @@ -1,3 +1,6 @@ +--- +title: "Prevent Unauthorized Access: Address API CORS Issues" +--- # Cross-Domain (CORS) Misconfiguration (Passive) ![Cross-Domain Misconfiguration (Passive)](../assets/baseline/baseline-vuln.svg) diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/http-server-response-header.md b/vulnerabilities_versioned_docs/version-v1/Baseline/http-server-response-header.md index 6bcdbd8bc..7c81f2a4b 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/http-server-response-header.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/http-server-response-header.md @@ -1,3 +1,6 @@ +--- +title: "OWASP Baseline: Secure API Response Headers" +--- # Information Leak Via 'Server' HTTP Response Header ![Server Header Info Leak](../assets/baseline/baseline-vuln.svg) 
diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-debug-error-messages.md b/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-debug-error-messages.md index 6ee44a31d..9406bdd87 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-debug-error-messages.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-debug-error-messages.md @@ -1,3 +1,6 @@ +--- +title: "Debug Error Messages Vulnerability | Levo.ai" +--- # Information Disclosure - Debug Error Messages ![Debug Error Messages](../assets/baseline/baseline-vuln.svg) diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-http-referrer-header.md b/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-http-referrer-header.md index 8c70f7eda..ba0155f00 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-http-referrer-header.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-http-referrer-header.md @@ -1,3 +1,6 @@ +--- +title: "API Security: Prevent Leaks via HTTP Referrer Headers" +--- # Information Disclosure - Sensitive Information in HTTP Referrer Header ![Information Disclosure - Referrer Header](../assets/baseline/baseline-vuln.svg) diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-url.md b/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-url.md index 4e72ae63d..ef90901ac 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-url.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/information-disclosure-sensitive-information-in-url.md 
@@ -1,3 +1,6 @@ +--- +title: "Sensitive Data in URL Vulnerability | Levo.ai" +--- # Information Disclosure - Sensitive Information in URL ![Information Disclosure - Sensitive Information in URL](../assets/baseline/baseline-vuln.svg) diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/open-redirect.md b/vulnerabilities_versioned_docs/version-v1/Baseline/open-redirect.md index b64d35fab..3aea2202e 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/open-redirect.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/open-redirect.md @@ -1,3 +1,6 @@ +--- +title: "Stop Phishing Attacks: Prevent API Open Redirects" +--- # Open/Unrestricted URL Redirect Via URL Query Parameter ![Open URL Redirect](../assets/baseline/baseline-vuln.svg) diff --git a/vulnerabilities_versioned_docs/version-v1/Baseline/server-leaks-information-via-x-powered-by-http-response-header-field-s.md b/vulnerabilities_versioned_docs/version-v1/Baseline/server-leaks-information-via-x-powered-by-http-response-header-field-s.md index 2aed0827a..ac1feaea4 100644 --- a/vulnerabilities_versioned_docs/version-v1/Baseline/server-leaks-information-via-x-powered-by-http-response-header-field-s.md +++ b/vulnerabilities_versioned_docs/version-v1/Baseline/server-leaks-information-via-x-powered-by-http-response-header-field-s.md @@ -1,3 +1,6 @@ +--- +title: "API Security: Prevent Info Disclosure in Response Headers" +--- # Information Leak Via 'X-Powered-By' HTTP Response Header ![X-Powered-By Info Leak](../assets/baseline/baseline-vuln.svg) diff --git a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A1-BOLA.md b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A1-BOLA.md index 9a7a9dfad..3748f290b 100644 --- a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A1-BOLA.md +++ b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A1-BOLA.md 
@@ -1,5 +1,7 @@ --- sidebar_position: 1 +description: "Understand OWASP API Security Top 10 - A1: BOLA with Levo.ai. Learn about Broken Object Level Authorization vulnerabilities and mitigation strategies." +title: "API A1 - Broken Object Level Authorization | Levo.ai" --- # API A1 - Broken Object Level Authorization diff --git a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A10-Insufficient-Logging.md b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A10-Insufficient-Logging.md index 4035a2dd8..61b1f4b94 100644 --- a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A10-Insufficient-Logging.md +++ b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A10-Insufficient-Logging.md @@ -1,5 +1,6 @@ --- sidebar_position: 10 +title: "API Security: Fix Insufficient Logging (OWASP A10)" --- # API A10 - Insufficient Logging & Monitoring diff --git a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A2-BUA.md b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A2-BUA.md index 55fa35e55..c20e624b3 100644 --- a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A2-BUA.md +++ b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A2-BUA.md @@ -1,5 +1,7 @@ --- sidebar_position: 2 +description: "Understand OWASP API Security Top 10 - A2: BUA with Levo.ai. Learn about Broken User Authentication vulnerabilities and how to mitigate them." + --- # API A2 - Broken Authentication diff --git a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A4-Rate-Limits.md b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A4-Rate-Limits.md index 2830b6217..0e702fc17 100644 --- a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A4-Rate-Limits.md +++ b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A4-Rate-Limits.md @@ -1,5 +1,6 @@ --- sidebar_position: 4 +title: "API A4 - Rate Limits & Resource Controls | Levo.ai" --- # API A4 - Lack of Resources and Rate Limits 
diff --git a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A5-BFLA.md b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A5-BFLA.md index bcad190bb..2bdb28faf 100644 --- a/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A5-BFLA.md +++ b/vulnerabilities_versioned_docs/version-v1/OWASP-API-10/A5-BFLA.md @@ -1,5 +1,6 @@ --- sidebar_position: 5 +title: "API A5 - Broken Function Level Authorization | Levo.ai" --- # API A5 - Broken Function Level Authorization diff --git a/vulnerabilities_versioned_docs/version-v1/OWASP-WEB-10/A6-Vulnerable-Components/A6-index.md b/vulnerabilities_versioned_docs/version-v1/OWASP-WEB-10/A6-Vulnerable-Components/A6-index.md index c53135476..2f3f7addb 100644 --- a/vulnerabilities_versioned_docs/version-v1/OWASP-WEB-10/A6-Vulnerable-Components/A6-index.md +++ b/vulnerabilities_versioned_docs/version-v1/OWASP-WEB-10/A6-Vulnerable-Components/A6-index.md @@ -1,5 +1,6 @@ --- sidebar_position: 1 +title: "API Security | Addressing OWASP A6 Vulnerabilities" --- # Web A6 - Vulnerable and Outdated Components