So the problem has been tracked down. It affects only ModSecurity3 / Nginx. With CRS 4, the blocking rules are no longer logged with a severity, which makes the CrowdSec parser ignore them.
If the Nginx error log level is set to ‘info’, the detection rule is logged to the error.log and the CrowdSec parser will detect the log entries.