Custom scenario labels (Behavior/MITRE/CVE) not appearing in CrowdSec Console

Lukes · February 22, 2026, 5:24am

Hello,

Is it possible to pass Behavior, MITRE technique, and CVE metrics to the CrowdSec Console for custom scenarios?

For my custom scenarios, I have defined the following labels:

labels:
  remediation: true
  classification:
    - attack.T1595
  behavior: "http:scan"
  label: "WordPress Vuln Hunting"
  spoofable: 0
  service: wordpress
  confidence: 3

I have already applied the settings, but I still see the following in the Console:

Behavior: No behavior associated with this scenario
MITRE technique: No MITRE technique associated with this scenario.
CVE: No CVE associated with this scenario.

Thanks in advance!

iiAmLoz · February 23, 2026, 11:12am

Answered on reddit Reddit - The heart of the internet

Topic		Replies	Views
Creating scenario for CVE-2023-22515 crowdsec	4	465	October 6, 2023
Abuseip confidence score and total reports enricher	0	32	December 10, 2025
Question about how to read the metrics	11	3946	January 27, 2021
Request for comments : parsers & scenarios customization in the CrowdSec agent crowdsec	11	2684	December 10, 2024
Scenarios and changes? crowdsec	1	56	August 15, 2025

Custom scenario labels (Behavior/MITRE/CVE) not appearing in CrowdSec Console

Related topics