[do-not-merge] Waf Challenge Collection#1826
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a new CrowdSec Hub collection intended to enable an AppSec “bot challenge” mode, including dedicated parsing of challenge events, scenarios for bot/challenge abuse detection, and a context to surface bot-detection signals.
Changes:
- Introduces
crowdsecurity/appsec-bot-challengecollection bundling new appsec-configs, parser(s), scenarios, and contexts. - Splits AppSec parsing to route
crowdsec-appsec-challengeevents into a dedicated parser. - Adds new scenarios for bot detection and challenge abuse tracking, plus a context for more readable alert output.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| scenarios/crowdsecurity/challenge-too-many-submit.yaml | New leaky scenario for excessive challenge submissions |
| scenarios/crowdsecurity/challenge-too-many-request.yaml | New leaky scenario for excessive challenge page requests |
| scenarios/crowdsecurity/challenge-request-with-no-submission.yaml | New counter scenario tracking requests that don’t lead to submissions |
| scenarios/crowdsecurity/appsec-bot-detected.yaml | New trigger scenario for fast bot detection rejections |
| parsers/s01-parse/crowdsecurity/appsec-logs.yaml | Updates filter to exclude challenge-source AppSec events |
| parsers/s01-parse/crowdsecurity/appsec-bot-detection-logs.yaml | New parser for challenge/bot-detection AppSec events |
| contexts/crowdsecurity/appsec_bot_detection.yaml | New context to present fingerprint/session and bot-signal details |
| collections/crowdsecurity/appsec-bot-challenge.yaml | New collection wiring parsers, appsec-configs, scenarios, and contexts |
| collections/crowdsecurity/appsec-bot-challenge.md | New documentation for enabling the collection |
| appsec-configs/crowdsecurity/simple-bot-challenge.yaml | New inband config to send challenges and reject known bots on submit |
| appsec-configs/crowdsecurity/challenge-exclude-webhooks.yaml | New pre-eval exclusions for specific webhook paths |
| appsec-configs/crowdsecurity/challenge-exclude-feeds.yaml | New pre-eval exclusions for feed endpoints |
| appsec-configs/crowdsecurity/challenge-exclude-crawler-files.yaml | New pre-eval exclusions for crawler well-known files |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
|
Hello @buixor, ✅ The new VPATCH Rule is compliant, thank you for your contribution! |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
|
Hello @buixor and thank you for your contribution! ❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection: 🔴 crowdsecurity/vpatch-CVE-2025-40552 🔴 |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
|
in terms of |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
|
Hello @buixor, ✅ The new VPATCH Rule is compliant, thank you for your contribution! |
|
Hello @buixor, ✅ The new VPATCH Rule is compliant, thank you for your contribution! |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
|
Hello @buixor, ✅ The new VPATCH Rule is compliant, thank you for your contribution! |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
|
Hello @buixor, ✅ The new VPATCH Rule is compliant, thank you for your contribution! |
|
Hello @buixor, Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution! |
No description provided.