diff --git a/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml b/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
index b19c1c9b843..e7315208d62 100644
--- a/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
+++ b/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: crowdsecurity/http-bf-wordpress_bf_xmlrpc
-description: "detect wordpress bruteforce on xmlrpc"
+description: "Detect WordPress bruteforce on XML-RPC endpoint"
 debug: false
 # XMLRPC always returns 200
 filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.file_name == 'xmlrpc.php' && evt.Parsed.verb == 'POST'"
diff --git a/scenarios/crowdsecurity/impossible-travel.yaml b/scenarios/crowdsecurity/impossible-travel.yaml
index 1ec6745ea5c..5df137184dd 100644
--- a/scenarios/crowdsecurity/impossible-travel.yaml
+++ b/scenarios/crowdsecurity/impossible-travel.yaml
@@ -1,7 +1,7 @@
 ## Generic bucket to handle impossible travel for authentication
 type: conditional
 name: crowdsecurity/impossible-travel
-description: "impossible travel"
+description: "Detect Impossible Travel"
 filter: "evt.Meta.log_type == 'auth_success' && evt.Meta.user not in ['', nil]"
 groupby: "evt.Meta.service + evt.Meta.user" # To make it generic we concatenate the service name and the user
diff --git a/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml b/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
index b9c7e26a229..593c0ec02c2 100644
--- a/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
+++ b/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: crowdsecurity/iptables-scan-multi_ports
-description: "ban IPs that are scanning us"
+description: "Detect aggressive portscans"
 filter: "evt.Meta.log_type == 'iptables_drop' && evt.Meta.service == 'tcp'"
 groupby: evt.Meta.source_ip
 distinct: evt.Parsed.dst_port
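Review bot: The new description in the impossible-travel hunk, `description: "Detect Impossible Travel"`, is title-cased while the other three descriptions in this commit use sentence case ("Detect WordPress bruteforce on XML-RPC endpoint", "Detect aggressive portscans"); since these strings are what operators see in hub listings and alert output, I would keep one convention, e.g. `description: "Detect impossible travel between authentication events"`. Relatedly, the pf hunk qualifies its description with "(pf)" while the iptables hunk does not, so a reader comparing the two scenarios cannot tell them apart by description alone; `description: "Detect aggressive portscans (iptables)"` would restore the symmetry. The scenario bodies (conditions, capacity, leak speed) continue outside these hunks, so nothing here changes detection behaviour.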
diff --git a/scenarios/firewallservices/pf-scan-multi_ports.yaml b/scenarios/firewallservices/pf-scan-multi_ports.yaml
index e745f3ecac6..a189240dd77 100644
--- a/scenarios/firewallservices/pf-scan-multi_ports.yaml
+++ b/scenarios/firewallservices/pf-scan-multi_ports.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: firewallservices/pf-scan-multi_ports
-description: "ban IPs that are scanning us"
+description: "Detect aggressive portscans (pf)"
 filter: "evt.Meta.log_type == 'pf_drop' && evt.Meta.service == 'tcp'"
 groupby: evt.Meta.source_ip
 distinct: evt.Parsed.dst_port