Security Engine version: v1.6

Format

Collection configuration example

YAML
# the list of parsers it contains
parsers:
- crowdsecurity/syslog-logs
- crowdsecurity/geoip-enrich
- crowdsecurity/dateparse-enrich
# the list of collections it contains
collections:
- crowdsecurity/sshd
# the list of postoverflows it contains
# postoverflows:
# - crowdsecurity/seo-bots-whitelist
# the list of scenarios it contains
# scenarios:
# - crowdsecurity/http-crawl-non_statics
description: "core linux support : syslog+geoip+ssh"
author: crowdsecurity
tags:
- linux

Collection directives

parsers

YAML
parsers: <list_of_parsers>

List of parsers to include in the collection.

scenarios

YAML
scenarios: <list_of_scenarios>

List of scenarios to include in the collection.

postoverflows

YAML
postoverflows: <list_of_postoverflows>

List of postoverflows to include in the collection.

description

YAML
description: <short_description>

The description is mandatory.

It is a short sentence describing what the collection detects.

author

YAML
author: <name_of_the_author>

The name of the author.

tags

YAML
tags: <list_of_tags>

List of tags.
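
A pre-merge check for collection files, added here as an example and not part of the CrowdSec documentation or tooling: it enforces the mandatory description, the list-valued directives, and flags directive names this page does not document. The function names, the `author/name` item pattern and the hand-rolled parser (which handles only the flat YAML subset shown above) are assumptions of this example.

```python
import re

# Directives documented on this page, plus `collections` from its example file.
LIST_KEYS = {"parsers", "scenarios", "postoverflows", "collections", "tags"}
SCALAR_KEYS = {"description", "author"}
ITEM_NAME = re.compile(r"^[\w.-]+/[\w.-]+$")  # assumption: items are named author/name

def parse_flat(text):
    """Parse only the flat subset shown on this page: top-level scalars and '- item' lists."""
    doc, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):
            if current is None or not isinstance(doc[current], list):
                raise ValueError(f"line {n}: list item outside a list directive")
            doc[current].append(line[2:].strip().strip("\"'"))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"line {n}: expected 'key: value'")
        current, value = key.strip(), value.strip()
        doc[current] = value.strip("\"'") if value else []
    return doc

def lint_collection(text):
    """Return findings for a collection file; an empty list means it passed."""
    doc, findings = parse_flat(text), []
    if "description" not in doc:
        findings.append("description is mandatory")
    for key, value in doc.items():
        if key in LIST_KEYS:
            if not isinstance(value, list):
                findings.append(f"{key}: expected a list")
            elif key != "tags":
                findings += [f"{key}: unexpected item name {i!r}"
                             for i in value if not ITEM_NAME.match(i)]
        elif key in SCALAR_KEYS:
            if not isinstance(value, str):
                findings.append(f"{key}: expected a non-empty string")
        else:
            findings.append(f"unknown directive {key!r}")
    return findings

# Constructed sample: no description, a scalar where a list belongs, a misspelt directive.
BAD = "parsers: crowdsecurity/syslog-logs\nscenario:\n- crowdsecurity/http-crawl-non_statics\n"

if __name__ == "__main__":
    print("\n".join(lint_collection(BAD)))
```

A misspelt directive such as `scenario:` is the case worth catching in review, since the items listed under it would otherwise be missing from the deployed detection set without any visible error in the file itself.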
