Honeypots rebase (#879)

rebase master on honeypots

.index.json

@@ -1524,6 +1524,48 @@
     "crowdsecurity/palo-alto-threat"
    ]
   },
+  "crowdsecurity/pfsense": {
+   "path": "collections/crowdsecurity/pfsense.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "cc77813340e5e49379dcae520d2da5b2d5b9451eca6cbe7f5a68b6f9ad302d75",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyMgcGZTZW5zZSBjb2xsZWN0aW9uCgpUaGlzIHBmU2Vuc2UgY29sbGVjdGlvbiBzdXBwb3J0cyA6CiAtIHNzaCBwYXJzZXJzICYgYnJ1dGVmb3JjZSBkZXRlY3Rpb24KIC0gd2ViIGF1dGhlbnRpY2F0aW9uIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAtIHBvcnQgc2NhbiBkZXRlY3Rpb24K",
+   "content": "Y29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2ZyZWVic2QKICAtIGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWkKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngKICAtIGZpcmV3YWxsc2VydmljZXMvcGYKZGVzY3JpcHRpb246ICJjb3JlIHBmc2Vuc2Ugc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCg==",
+   "description": "core pfsense support",
+   "author": "crowdsecurity",
+   "labels": null,
+   "collections": [
+    "crowdsecurity/freebsd",
+    "crowdsecurity/pfsense-gui",
+    "crowdsecurity/nginx",
+    "firewallservices/pf"
+   ]
+  },
+  "crowdsecurity/pfsense-gui": {
+   "path": "collections/crowdsecurity/pfsense-gui.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "5e3c9d329eb515265634bcb8684180c2df2d01431273b6d1a9123e972109f408",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyMgcGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gY29sbGVjdGlvbgoKU3VwcG9ydCB0byBkZXRlY3QgYnJ1dGVmb3JjZSBvbiB0aGUgcGZTZW5zZSB3ZWIgcG9ydGFsCg==",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWktbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bmc2Vuc2UtZ3VpLWJmCmRlc2NyaXB0aW9uOiAicGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCiAgLSBwZnNlbnNlCiAgLSBicnV0ZWZvcmNlCiAgLSBzY2FuCg==",
+   "description": "pfSense web authentication support",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/pfsense-gui-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/pfsense-gui-bf"
+   ]
+  },
   "crowdsecurity/pgsql": {
    "path": "collections/crowdsecurity/pgsql.yaml",
    "version": "0.1",
@@ -3509,7 +3551,7 @@
   "crowdsecurity/mssql-logs": {
    "path": "parsers/s01-parse/crowdsecurity/mssql-logs.yaml",
    "stage": "s01-parse",
-   "version": "0.2",
+   "version": "0.3",
    "versions": {
     "0.1": {
      "digest": "9c99578104a9158ada41bb8dd920575a83d494e6f6e2d166eb5773fb4d7023b1",
@@ -3518,10 +3560,14 @@
     "0.2": {
      "digest": "2c39d0c3f1cf4124d5e3cc113c733b2ef220522d01706b5434382240de10b147",
      "deprecated": false
+    },
+    "0.3": {
+     "digest": "b9dc0a3b53d5e1ad6eeae3e1beb04d01afe62111e80d5871b77caee2e7172cfd",
+     "deprecated": false
     }
    },
    "long_description": "UGFyc2VyIGZvciBNU1NRTCBMb2dzIHZpYSB3aW5ldmVudGxvZyBPUiBNU1NRTCBsb2dzIGZvciBbQXp1cmUtRWRnZS1TcWxdKGh0dHBzOi8vaHViLmRvY2tlci5jb20vXy9taWNyb3NvZnQtYXp1cmUtc3FsLWVkZ2UpIHZpYSBkb2NrZXIKCmBgYHlhbWwKLS0tCnNvdXJjZTogd2luZXZlbnRsb2cKZXZlbnRfY2hhbm5lbDogQXBwbGljYXRpb24KZXZlbnRfaWRzOgogLSAxODQ1NgpldmVudF9sZXZlbDogaW5mb3JtYXRpb24KbGFiZWxzOgogdHlwZTogbXNzcWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9pZDoKIC0gPERvY2tlciBDb250YWluZXIgSUQ+ICNBenVyZS1FZGdlLVNxbCBjb250YWluZXIgSUQKY29udGFpbmVyX25hbWVfcmVnZXhwOgogLSAuKm1zc3FsKgpsYWJlbHM6CiAgdHlwZTogbXNzcWwKYGBgCg==",
-   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXNzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1zc3FsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQuQ2hhbm5lbCA9PSAnQXBwbGljYXRpb24nICYmIGV2dC5QYXJzZWQuU291cmNlID09ICdNU1NRTFNFUlZFUicgJiYgZXZ0LlBhcnNlZC5FdmVudElEID09ICcxODQ1NiciCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIlJlYXNvbjogUGFzc3dvcmQgZGlkIG5vdCBtYXRjaCB0aGF0IGZvciB0aGUgbG9naW4gcHJvdmlkZWRcXC4iCiAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMl0iKQogICAgbm9kZXM6CiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICJcXFtDTElFTlQ6ICV7SVA6c291cmNlX2lwfVxcXSIKICAgICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbM10iKQogICAgICAgICAgc3RhdGljczoKICAgICAgICAgICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBzdWJ0eXBlCiAgICAgICAgdmFsdWU6IGJhZF9wYXNzd29yZAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIlJlYXNvbjogQ291bGQgbm90IGZpbmQgYSBsb2dpbiBtYXRjaGluZyB0aGUgbmFtZSBwcm92aWRlZFxcLiIKICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVsyXSIpCiAgICBub2RlczoKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogIlxcW0NMSUVOVDogJXtJUDpzb3VyY2VfaXB9XFxdIgogICAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVszXSIpCiAgICAgICAgICBzdGF0aWNzOgogICAgICAgICAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IHN1YnR5cGUKICAgICAgICB2YWx1ZTogYmFkX3VzZXIKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogbXNzcWxfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHVzZXIKICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMV0iKQotLS0Kb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXNzcWwtdGV4dC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgbXNzcWwgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdtc3NxbCciCnBhdHRlcm5fc3ludGF4OgogIERBVEVfWU1EOiAiJXtZRUFSOnllYXJ9LSV7TU9OVEhOVU06bW9udGh9LSV7TU9OVEhEQVk6ZGF5fSIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAiJXtEQVRFX1lNRDpkYXRlfSAle1RJTUU6dGltZX0gTG9nb24uKkxvZ2luIGZhaWxlZCBmb3IgdXNlciAnJXtOT1REUVVPVEU6dXNlcn0nLiBSZWFzb246ICV7R1JFRURZREFUQTpyZWFzb25fbWVzc2FnZX0uIFxcW0NMSUVOVDogJXtJUE9SSE9TVDpzb3VyY2VfaXB9XFxdIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICBub2RlczoKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLnJlYXNvbl9tZXNzYWdlID09ICdQYXNzd29yZCBkaWQgbm90IG1hdGNoIHRoYXQgZm9yIHRoZSBsb2dpbiBwcm92aWRlZCciCiAgICAgICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgICAgICB2YWx1ZTogYmFkX3Bhc3N3b3JkCiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5yZWFzb25fbWVzc2FnZSA9PSAnQ291bGQgbm90IGZpbmQgYSBsb2dpbiBtYXRjaGluZyB0aGUgbmFtZSBwcm92aWRlZCciCiAgICAgICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgICAgICB2YWx1ZTogYmFkX3VzZXIKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogbXNzcWwKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IG1zc3FsX2ZhaWxlZF9hdXRoCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuZGF0ZSArICcgJyArIGV2dC5QYXJzZWQudGltZSI=",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXNzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1zc3FsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQuQ2hhbm5lbCA9PSAnQXBwbGljYXRpb24nICYmIChldnQuUGFyc2VkLlNvdXJjZSA9PSAnTVNTUUxTRVJWRVInIHx8IGV2dC5QYXJzZWQuU291cmNlIHN0YXJ0c1dpdGggJ01TU1FMJCcpICYmIGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTg0NTYnIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJSZWFzb246IFBhc3N3b3JkIGRpZCBub3QgbWF0Y2ggdGhhdCBmb3IgdGhlIGxvZ2luIHByb3ZpZGVkXFwuIgogICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhWzJdIikKICAgIG5vZGVzOgogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAiXFxbQ0xJRU5UOiAle0lQOnNvdXJjZV9pcH1cXF0iCiAgICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhWzNdIikKICAgICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaXAKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgIHZhbHVlOiBiYWRfcGFzc3dvcmQKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJSZWFzb246IENvdWxkIG5vdCBmaW5kIGEgbG9naW4gbWF0Y2hpbmcgdGhlIG5hbWUgcHJvdmlkZWRcXC4iCiAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMl0iKQogICAgbm9kZXM6CiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICJcXFtDTElFTlQ6ICV7SVA6c291cmNlX2lwfVxcXSIKICAgICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbM10iKQogICAgICAgICAgc3RhdGljczoKICAgICAgICAgICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBzdWJ0eXBlCiAgICAgICAgdmFsdWU6IGJhZF91c2VyCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IG1zc3FsX2ZhaWxlZF9hdXRoCiAgLSBtZXRhOiB1c2VyCiAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhWzFdIikKLS0tCm9uc3VjY2VzczogbmV4dF9zdGFnZQpuYW1lOiBjcm93ZHNlY3VyaXR5L21zc3FsLXRleHQtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1zc3FsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbXNzcWwnIgpwYXR0ZXJuX3N5bnRheDoKICBEQVRFX1lNRDogIiV7WUVBUjp5ZWFyfS0le01PTlRITlVNOm1vbnRofS0le01PTlRIREFZOmRheX0iCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIiV7REFURV9ZTUQ6ZGF0ZX0gJXtUSU1FOnRpbWV9IExvZ29uLipMb2dpbiBmYWlsZWQgZm9yIHVzZXIgJyV7Tk9URFFVT1RFOnVzZXJ9Jy4gUmVhc29uOiAle0dSRUVEWURBVEE6cmVhc29uX21lc3NhZ2V9LiBcXFtDTElFTlQ6ICV7SVBPUkhPU1Q6c291cmNlX2lwfVxcXSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgbm9kZXM6CiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5yZWFzb25fbWVzc2FnZSA9PSAnUGFzc3dvcmQgZGlkIG5vdCBtYXRjaCB0aGF0IGZvciB0aGUgbG9naW4gcHJvdmlkZWQnIgogICAgICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IHN1YnR5cGUKICAgICAgICAgICAgdmFsdWU6IGJhZF9wYXNzd29yZAogICAgICAtIGZpbHRlcjogImV2dC5QYXJzZWQucmVhc29uX21lc3NhZ2UgPT0gJ0NvdWxkIG5vdCBmaW5kIGEgbG9naW4gbWF0Y2hpbmcgdGhlIG5hbWUgcHJvdmlkZWQnIgogICAgICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IHN1YnR5cGUKICAgICAgICAgICAgdmFsdWU6IGJhZF91c2VyCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IG1zc3FsCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBtc3NxbF9mYWlsZWRfYXV0aAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRhdGUgKyAnICcgKyBldnQuUGFyc2VkLnRpbWUi",
    "description": "Parse mssql logs",
    "author": "crowdsecurity",
    "labels": null
@@ -8043,21 +8089,77 @@
   },
   "crowdsecurity/opnsense-gui-bf": {
    "path": "scenarios/crowdsecurity/opnsense-gui-bf.yaml",
-   "version": "0.1",
+   "version": "0.3",
    "versions": {
     "0.1": {
      "digest": "15f0d4f03f1e18a8cd5d95467a13e86ebfd717354f53ba02b4d165e6537965bf",
      "deprecated": false
+    },
+    "0.2": {
+     "digest": "c1031635c18c69203a1e251d25da8f309182ed04221142e94e3a2ff1d8533af3",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "5f06456ab0875a8245a6863775ccfe215f3d8a38da562dbcb9de97756aea188a",
+     "deprecated": false
     }
    },
    "long_description": "IyMgT1BOU2Vuc2Ugd2ViIHBvcnRhbCBicnV0ZWZvcmNlIGRldGVjdGlvbgoKRGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIG9uIHRoZSBPUE5TZW5zZSB3ZWIgcG9ydGFsIDoKIC0gbW9yZSB0aGFuIDUgYXR0ZW1wdHMKIC0gMTAgc2Vjb25kcyBiZXR3ZWVuIGVhY2gKCgo=",
-   "content": "IyBvcG5zZW5zZSB3ZWIgYXV0aCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L29wbnNlbnNlLXdlYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIG9wbnNlbnNlIHdlYiBpbnRlcmZhY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ29wbnNlbnNlLWd1aS1mYWlsZWQtYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBvcG5zZW5zZS1ndWktYXV0aAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK",
+   "content": "IyBvcG5zZW5zZSB3ZWIgYXV0aCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L29wbnNlbnNlLWd1aS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIG9wbnNlbnNlIHdlYiBpbnRlcmZhY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ29wbnNlbnNlLWd1aS1mYWlsZWQtYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgcmVtZWRpYXRpb246IHRydWUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiT1BOc2Vuc2UgR1VJIEJydXRlZm9yY2UiCiAgc2VydmljZTogb3Buc2Vuc2UK",
    "description": "Detect bruteforce on opnsense web interface",
    "author": "crowdsecurity",
    "labels": {
-    "remediation": "true",
-    "service": "opnsense-gui-auth",
-    "type": "bruteforce"
+    "behavior": "http:bruteforce",
+    "classification": [
+     "attack.T1110"
+    ],
+    "confidence": 3,
+    "label": "OPNsense GUI Bruteforce",
+    "remediation": true,
+    "service": "opnsense",
+    "spoofable": 0
+   }
+  },
+  "crowdsecurity/palo-alto-threat": {
+   "path": "scenarios/crowdsecurity/palo-alto-threat.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "9341b00080dbba122150bd55cd155e916fc9a972a6e956b96ed517b09618fbf1",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyMgUGFsbyBBbHRvIFRocmVhdAoKVGhpcyBzY2VuYXJpbyB0cmlnZ2VyIGFuIGFsZXJ0IGZvciBJUCByZXBvcnRlZCBieSBQYWxvIEFsdG8gVGhyZWF0IExvZyBpZiB0aGUgc2V2ZXJpdHkgb2YgdGhlIHRocmVhdCBpcyBoaWdoZXIgb3IgZXF1YWwgdG8gYG1lZGl1bWAu",
+   "content": "dHlwZTogdHJpZ2dlcgpkZWJ1ZzogZmFsc2UKbmFtZTogY3Jvd2RzZWN1cml0eS9wYWxvLWFsdG8tdGhyZWF0CmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gInBhbG9fYWx0byIgJiYgZXZ0Lk1ldGEuc2V2ZXJpdHkgaW4gWyJtZWRpdW0iLCAiaGlnaCIsICJjcml0aWNhbCJdCmRlc2NyaXB0aW9uOiBEZXRlY3QgcGFsbyBhbHRvIHRocmVhdCB3aXRoIGEgc2V2ZXJpdHkgaGlnaGVyIG9yIGVxdWFsIHRvIG1lZGl1bQpibGFja2hvbGU6IDJtCmxhYmVsczoKICByZW1lZGlhdGlvbjogdHJ1ZQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgo=",
+   "description": "Detect palo alto threat with a severity higher or equal to medium",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": true
+   }
+  },
+  "crowdsecurity/pfsense-gui-bf": {
+   "path": "scenarios/crowdsecurity/pfsense-gui-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "07019c43c3bbd31e077d12c85aea855332e6891db2605bae00a481dacf17826f",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyMgcGZTZW5zZSB3ZWIgcG9ydGFsIGJydXRlZm9yY2UgZGV0ZWN0aW9uCgpEZXRlY3RzIGJydXRlZm9yY2UgYXR0ZW1wdHMgb24gdGhlIHBmU2Vuc2Ugd2ViIHBvcnRhbCA6CiAtIG1vcmUgdGhhbiA1IGF0dGVtcHRzCiAtIDEwIHNlY29uZHMgYmV0d2VlbiBlYWNoCgoK",
+   "content": "IyBwZnNlbnNlIHdlYiBhdXRoIGJydXRlZm9yY2UKdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWktYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgYnJ1dGVmb3JjZSBvbiBwZnNlbnNlIHdlYiBpbnRlcmZhY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3Bmc2Vuc2UtZ3VpLWZhaWxlZC1hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgYmVoYXZpb3I6ICJodHRwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJwZlNlbnNlIEdVSSBCcnV0ZWZvcmNlIgogIHNlcnZpY2U6IHBmc2Vuc2UK",
+   "description": "Detect bruteforce on pfsense web interface",
+   "author": "crowdsecurity",
+   "labels": {
+    "behavior": "http:bruteforce",
+    "classification": [
+     "attack.T1110"
+    ],
+    "confidence": 3,
+    "label": "pfSense GUI Bruteforce",
+    "remediation": true,
+    "service": "pfsense",
+    "spoofable": 0
    }
   },
   "crowdsecurity/pgsql-bf": {