section 2 firs draft

jdv · jdv · commit 741677efc561 · 2025-06-05T17:27:44.000+02:00
diff --git a/crowdsec-docs/unversioned/user_guides/interactive_se_install/02_parsers_scenarios copy.mdx b/crowdsec-docs/unversioned/user_guides/interactive_se_install/02_parsers_scenarios copy.mdx
@@ -15,3 +15,62 @@ blabla
 
 ## Choosing what you need to protect your services
 
+To detect malicious behaviors targeting your services the (CrowdSec) Security Engine will need t be able to parse your services' logs and apply detection rules on them AKA **Scenarios**.  
+Our parsers and Scenarios are available on the [CrowdSec Hub](https://hub.crowdsec.net/), and are regrouped into **Collections** to make it more convenient to install as a whole.
+Let's see what parsers and Scenarios you need to install to protect your services, and how to install them.
+
+### Instructions
+
+A typical use case would be to want to protect a web server, having an open ssh access.  
+You'd want parsers for your webserver logs (e.g. Nginx, Apache) and for your SSH logs, as well as the corresponding Scenarios to detect malicious behaviors.  
+In the case of NGINX being your reverse proxy you would want the NGINX parser AND all the scenarios related to protecting HTTP:   
+The [nginx collection](https://app.crowdsec.net/hub/author/crowdsecurity/collections/nginx) would be one you want to install.  
+- It embeds the NGINX parser, as well as the Base HTTP scenarios collection and an additionnal NGINX specific scenario triggerring on nginx request limit exceeded.
+- You can install it with the following command:
+```bash 
+crowdsec collections install crowdsecurity/nginx
+``` 
+
+To protect your SSH accessed Linux server you would want the [linux collection](https://app.crowdsec.net/hub/author/crowdsecurity/collections/linux) which includes the Linux parser and a set of scenarios to detect malicious SSH behaviors.
+- You can install it with the following command:
+```bash
+crowdsec collections install crowdsecurity/linux
+```
+
+One way you cna proceed for your own usecase is:
+1. look for a logparser specific for your service in the [parser's section of the hub](https://app.crowdsec.net/hub/log-parsers)
+2. Once you have found the parser you need, check if there is a collection with the same name. If so, chose the colleciton it will be pre-packed with reommanded scenarios.
+3. You can browse other collections too or individual scenarios you might want to install. 
+    - Note that you're also able to [create your own scenarios if needed](https://doc.crowdsec.net/docs/next/log_processor/parsers/intro).
+4. Run the install you can find in the corresponding hub page
+5. Keep the hub page in mind there are usefull instrucitons to the next part of this guide.
+
+### Verification
+
+Let's check the installation of the parsers and scenarios was successfull.  
+After installing them you should restart the CrowdSec service to ensure the new parsers and scenarios are loaded:
+```bash
+sudo systemctl restart crowdsec
+``` 
+
+#### List of installed parsers and scenarios
+
+> [ ]  Check Collections, parsers and scenarios are installed
+```bash
+cscli collections list
+cscli parsers list
+cscli scenarios list
+``` 
+- You'll be able to verify that the parsers and scenarios you installed are listed in the output of these commands.
+
+> [ ]  Check scenarios are showing up in the console
+When clicking on the "Scenarios" part of your [Security engine tile in the CrowdSec console](https://app.crowdsec.net/security-engines), you should see the scenarios you installed listed there.   
+The tile itself should show you the count of scenarios that are installed on your Security Engine.
+
+### Troubleshooting
+
+<details>
+    <summary>Missing Scenarios</summary>
+    
+    @seb @laurence any reason why a scenario or colleciton would not install ? folder issue ? config ?
+</details>
diff --git a/crowdsec-docs/unversioned/user_guides/interactive_se_install/03_acquisition copy.mdx b/crowdsec-docs/unversioned/user_guides/interactive_se_install/03_acquisition copy.mdx
@@ -15,3 +15,24 @@ blabla
 
 ## Setting up acquisition datasources for detection
 
+
+### Instructions
+...
+
+### Verification
+
+Let's check ...
+
+#### CrowdSec installation health
+
+> [ ]  Check ...
+
+```bash
+...
+```
+- You should see ...
+- ...
+
+
+
+### Troubleshooting
diff --git a/crowdsec-docs/unversioned/user_guides/interactive_se_install/04_remediation.mdx b/crowdsec-docs/unversioned/user_guides/interactive_se_install/04_remediation.mdx
@@ -14,3 +14,23 @@ blabla
 
 ## Choosing and testing a remediation component
 
+### Instructions
+...
+
+### Verification
+
+Let's check ...
+
+#### CrowdSec installation health
+
+> [ ]  Check ...
+
+```bash
+...
+```
+- You should see ...
+- ...
+
+
+
+### Troubleshooting
