Version: v1.4.0

Format

Scenario configuration example

#the list of parsers it contains
parsers:
  - crowdsecurity/syslog-logs
  - crowdsecurity/geoip-enrich
  - crowdsecurity/dateparse-enrich
#the list of collections it contains
collections:
  - crowdsecurity/sshd
# the list of postoverflows it contains
# postoverflows:
#   - crowdsecurity/seo-bots-whitelist
# the list of scenarios it contains
# scenarios:
#   - crowdsecurity/http-crawl-non_statics
description: "core linux support : syslog+geoip+ssh"
author: crowdsecurity
tags:
  - linux

Collection directives

`parsers`

parsers: <list_of_parsers>

List of parsers to include in the collection.

`scenarios`

scenarios: <list_of_scenarios>

List of scenarios to include in the collection.

`postoverflows`

postoverflows: <list_of_postoverflows>

List of postoverflows to include in the collection.

The description is mandatory.

It is a quick sentence describing what it detects.

`description`

description: <short_description>

The description is mandatory.

It is a quick sentence describing what it detects.

`author`

author: <name_of_the_author>

The name of the author.

`tags`

tags: <list_of_tags>

List of tags.

Scenario configuration example​

Collection directives​

parsers​

scenarios​

postoverflows​

description​

author​

tags​