Version: v1.2

Format

Scenario configuration example#

/etc/crowdsec/collections/linux.yaml

#the list of parsers it containsparsers:  - crowdsecurity/syslog-logs  - crowdsecurity/geoip-enrich  - crowdsecurity/dateparse-enrich#the list of collections it containscollections:  - crowdsecurity/sshd# the list of postoverflows it contains# postoverflows:#   - crowdsecurity/seo-bots-whitelist# the list of scenarios it contains# scenarios:#   - crowdsecurity/http-crawl-non_staticsdescription: "core linux support : syslog+geoip+ssh"author: crowdsecuritytags:  - linux

Collection directives#

`parsers`#

parsers: <list_of_parsers>

List of parsers to include in the collection.

`scenarios`#

scenarios: <list_of_scenarios>

List of scenarios to include in the collection.

`postoverflows`#

postoverflows: <list_of_postoverflows>

List of postoverflows to include in the collection.

The description is mandatory.

It is a quick sentence describing what it detects.

`description`#

description: <short_description>

The description is mandatory.

It is a quick sentence describing what it detects.

`author`#

author: <name_of_the_author>

The name of the author.

`tags`#

tags: <list_of_tags>

List of tags.

Scenario configuration example#

Collection directives#

parsers#

scenarios#

postoverflows#

description#

author#