Merge branch 'dev'

docs/class1/class1.rst

@@ -63,7 +63,7 @@ During this class we will:
 
         var email = emailInput.value;
         localStorage.setItem('email', email);
-        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/${btoa(email)}`, {
+        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/f5xcemeaworkshop/${btoa(email)}`, {
             method: 'GET',
             headers: {
                 'Content-Type': 'application/json'

docs/class1/modulea2/modulea2.rst

@@ -30,7 +30,7 @@
 
         var email = emailInput.value;
         localStorage.setItem('email', email);
-        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/${btoa(email)}`, {
+        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/f5xcemeaworkshop/${btoa(email)}`, {
             method: 'GET',
             headers: {
                 'Content-Type': 'application/json'

docs/class2/class2.rst

@@ -69,7 +69,7 @@ During this class we will:
 
         var email = emailInput.value;
         localStorage.setItem('email', email);
-        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/${btoa(email)}`, {
+        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/f5xcemeaworkshop/${btoa(email)}`, {
             method: 'GET',
             headers: {
                 'Content-Type': 'application/json'

docs/class3/class3.rst

@@ -55,7 +55,7 @@ During this class we will:
 
         var email = emailInput.value;
         localStorage.setItem('email', email);
-        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/${btoa(email)}`, {
+        fetch(`https://f5xclabmgmt.vltr.nginx-experience.com/v1/student/f5xcemeaworkshop/${btoa(email)}`, {
             method: 'GET',
             headers: {
                 'Content-Type': 'application/json'

docs/class4/class4.rst

@@ -0,0 +1,28 @@
+Class 4 - API Protection
+########################
+
+Lab Maintainers:
+
+  Matthieu Dierick <[email protected]>
+
+  Sorin Boiangiu <[email protected]>   
+
+|
+
+Welcome to the F5 Distributed Cloud - API Protection lab
+
+Distributed Cloud API Security provides discovery and deep insights from use of AI/ML. Identify shadow APIs and block API attacks in real time and eliminate vulnerabilities at their source. The SaaS-based portal enables users to manage and go deep for threat analytics, forensics, and troubleshooting of API communications for modern applications.
+
+APIs change frequently:
+
+* Easily identify all API endpoints mapped to your applications and monitor anomalous activities or shadow APIs including blocking of suspicious requests and endpoints. 
+* Generate API schema and Swagger files to minimize manual tracking of API endpoints. 
+* Reduce time spent configuring and deploying API security policies.
+
+
+
+.. toctree::
+   :maxdepth: 2
+   :glob:
+
+   module*/module*

docs/class4/module1/lab1/lab1.rst

@@ -0,0 +1,105 @@
+Expose the modern API application on F5XC
+=========================================
+
+In this lab, we will use a modern application based on API first.
+You can find more details about this app, on Github : https://github.com/f5devcentral/sentence-demo-app
+
+In a nutshell, this application is composed of multiple technology frameworks.
+
+This app will generate a sentence :)
+
+.. image:: ../pictures/sentence-demo-app.png
+   :align: center
+
+App Documentation
+-----------------
+
+Every ``WORD`` pod delivers a list of ``WORDS``. Then, the ``GENERATOR`` select one ``WORD`` per POD, and generates a ``SENTENCE`` in a JSON format
+
+.. image:: ../pictures/topology.png
+   :align: center
+
+.. code-block:: JSON
+
+    {
+        "adjectives": "proud",
+        "animals": "lion",
+        "colors": "blue",
+        "locations": "park"
+    }
+
+
+Then, the frontend web application will ``display`` all the ``words`` in a ``sentence``. If one micro-service is not deployed, the word is not displayed.
+
+In term of micro-services, this is how there are used by the Webapp frontend.
+
+.. image:: ../pictures/webapp-containers.png
+   :align: center
+
+
+Expose the application on your F5 Distributed Cloud Namespace
+-------------------------------------------------------------
+
+For this lab, we will use the following configuration
+
+1. Create the Origin Pool targeting Sentence public app
+
+a) Web App & API Protection -> Load Balancers -> Origin Pool -> Add Origin Pool -> Fill the bellow data
+
+   .. table:: 
+      :widths: auto
+
+      ==============================    ========================================================================================
+      Object                            Value
+      ==============================    ========================================================================================
+      **Name**                          sentence-public-endpoint
+
+      **Port**                          80
+
+      **TLS**                           Disable
+      ==============================    ========================================================================================
+
+b) In the same screen -> Origin Servers -> Add Item -> Fill the bellow data -> Apply -> Save and exit
+
+   .. table:: 
+      :widths: auto
+
+      ====================    ========================================================================================
+      Object                  Value
+      ====================    ========================================================================================
+      **DNS name**            sentence.emea.f5se.com
+      ====================    ========================================================================================
+
+   .. raw:: html   
+
+      <script>c1m1l2a();</script>  
+
+1. Create the HTTP LB
+
+a) Web App & API Protection -> Load Balancers -> HTTP Load Balancer -> Add HTTP Load Balancer -> Fill the bellow data -> Save and exit
+
+   .. table:: 
+      :widths: auto
+
+      ====================================    =================================================================================================
+      Object                                  Value
+      ====================================    =================================================================================================
+      **Name**                                sentence-re-lb
+
+      **Domains**                             sentence-re-$$makeId$$.workshop.emea.f5se.com
+
+      **Load Balancer Type**                  HTTP
+
+      **Automatically Manage DNS Records**    Enable 
+
+      **Origin Pools**                        Click **Add Item**, for the **Origin Pool** select $$namespace$$/sentence-public-endpoint -> Apply
+      ====================================    =================================================================================================
+
+   .. raw:: html   
+
+      <script>c1m1l2b();</script>  
+
+3. So far, Sentence application is not protected but exposed all over the world on all F5XC RE. 
+Check your Sentence application is exposed and reachable from the F5XC Global Network by browsing to :ext_link:`http://sentence-re-$$makeId$$.workshop.emea.f5se.com`
+
+.. warning:: Some Service Providers have a very long recursive cache. It can take several minutes to get a DNS response. You can change your DNS server to 1.1.1.1 or 8.8.8.8 to fix that.

docs/class4/module1/lab2/lab2.rst

@@ -0,0 +1,21 @@
+Protect the modern API application with F5XC - static protection
+================================================================
+
+Assign OpenAPI spec file to the LB
+----------------------------------
+
+Upload file
+^^^^^^^^^^^
+
+Create API Def
+^^^^^^^^^^^^^^
+
+Assign API def to LB
+^^^^^^^^^^^^^^^^^^^^
+
+Apply API Protection rules
+--------------------------
+
+Create the default API Protection rule
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+

docs/class4/module1/lab3/lab3.rst

@@ -0,0 +1,3 @@
+Test your modern API application protection
+===========================================
+

docs/class4/module1/module1.rst

@@ -0,0 +1,14 @@
+Static API Protection
+#####################
+
+In this section, we will protect a modern API application with F5 Distributed Cloud. We will start by a **static** protection where SecOps apply the OpenAPI file to the protected application.
+
+
+
+**Module 1 - All sections**
+
+.. toctree::
+   :maxdepth: 1
+   :glob:
+
+   lab*/lab*

docs/class4/module2/lab1/lab1.rst

@@ -0,0 +1,10 @@
+Enable API discovery
+====================
+
+Enable Endpoint Discovery
+-------------------------
+
+
+Enable PII Discovery
+--------------------
+

docs/class4/module2/lab2/lab2.rst

@@ -0,0 +1,18 @@
+API Discovery outcomes
+======================
+
+Endpoint Discovery
+------------------
+
+
+PII Discovery
+-------------
+
+
+
+Authentication Discovery
+------------------------
+
+
+AI/ML Security Posture
+----------------------

docs/class4/module2/module2.rst

@@ -0,0 +1,13 @@
+Dynamic API Protection
+######################
+
+In this section, we will protect the same modern application with F5 Distributed Cloud, but we will enable the **dynamic** protection where SecOps apply the API Discovery and validation.
+
+
+**Module 2 - All sections**
+
+.. toctree::
+   :maxdepth: 1
+   :glob:
+
+   lab*/lab*