Change appsec scenarios mitre technique by AlteredCoder · Pull Request #1792 · crowdsecurity/hub

AlteredCoder · 2026-05-07T10:34:37Z

Description

Checklist

I have read the contributing guide
I have tested my changes locally
For new parsers or scenarios, tests have been added
I have run the hub linter and no issues were reported (see contributing guide)
Automated tests are passing
AI was used to generate any/all content of this PR

github-actions · 2026-05-07T10:35:18Z

Hello @AlteredCoder and thank you for your contribution!

I'm a bot that helps maintainers to validate scenarios and ensure they include all the required information.
I've found some errors in your scenarios, please fix them and re-submit your PR, or ask for help if you need it.

The following items have errors:

crowdsecurity/crs-exclusion-plugin-cpanel:

labels not found

crowdsecurity/crs-exclusion-plugin-dokuwiki:

labels not found

crowdsecurity/crs-exclusion-plugin-drupal:

labels not found

crowdsecurity/crs-exclusion-plugin-nextcloud:

labels not found

crowdsecurity/crs-exclusion-plugin-phpbb:

labels not found

crowdsecurity/crs-exclusion-plugin-phpmyadmin:

labels not found

crowdsecurity/crs-exclusion-plugin-wordpress:

labels not found

crowdsecurity/crs-exclusion-plugin-xenforo:

labels not found

Mitre ATT&CK

Information about mitre attack can be found here.
As an example, some common mitre attack techniques:

T1110 for bruteforce attacks
T1595 and T1190 for exploitation of public vulnerabilities
T1595 for generic scanning of exposed applications

Expected format is (where XXXX is the technique ID):

labels:
  classification:
    - attack.TXXXX

CVEs

If your scenario covers a specific CVE (Common Vulnerabilities and Exposures), please add it.

Expected format is (where CVE-XXX-XXX is the CVE ID):

labels:
  classification:
    - cve.CVE-XXX-XXX

Behaviors

Please identify the behavior(s) your scenario is targeting. You can find the list of available behaviors here.

Expected format is (where <behavior> is the behavior you want to target):

labels:
  behavior: <behavior>

See the labels documentation for more information.

github-actions · 2026-05-07T10:35:36Z

Hello @AlteredCoder and thank you for your contribution!

I'm a bot that helps maintainers to validate scenarios and ensure they include all the required information.
I've found some errors in your scenarios, please fix them and re-submit your PR, or ask for help if you need it.

The following items have errors:

crowdsecurity/crs-exclusion-plugin-cpanel:

labels not found

crowdsecurity/crs-exclusion-plugin-dokuwiki:

labels not found

crowdsecurity/crs-exclusion-plugin-drupal:

labels not found

crowdsecurity/crs-exclusion-plugin-nextcloud:

labels not found

crowdsecurity/crs-exclusion-plugin-phpbb:

labels not found

crowdsecurity/crs-exclusion-plugin-phpmyadmin:

labels not found

crowdsecurity/crs-exclusion-plugin-wordpress:

labels not found

crowdsecurity/crs-exclusion-plugin-xenforo:

labels not found

Mitre ATT&CK

Information about mitre attack can be found here.
As an example, some common mitre attack techniques:

T1110 for bruteforce attacks
T1595 and T1190 for exploitation of public vulnerabilities
T1595 for generic scanning of exposed applications

Expected format is (where XXXX is the technique ID):

labels:
  classification:
    - attack.TXXXX

CVEs

If your scenario covers a specific CVE (Common Vulnerabilities and Exposures), please add it.

Expected format is (where CVE-XXX-XXX is the CVE ID):

labels:
  classification:
    - cve.CVE-XXX-XXX

Behaviors

Please identify the behavior(s) your scenario is targeting. You can find the list of available behaviors here.

Expected format is (where <behavior> is the behavior you want to target):

labels:
  behavior: <behavior>

See the labels documentation for more information.

Copilot

Pull request overview

Updates the MITRE ATT&CK technique classification for CrowdSec AppSec scenarios to better reflect “Exploit Public-Facing Application” events.

Changes:

Switch MITRE technique tag from attack.T1110 to attack.T1190 in appsec-native and appsec-vpatch.
Reformat appsec-vpatch’s filter string across two lines (no logic change intended).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
scenarios/crowdsecurity/appsec-vpatch.yaml	Updates ATT&CK technique to `T1190`; minor filter formatting change.
scenarios/crowdsecurity/appsec-native.yaml	Updates ATT&CK technique to `T1190`.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

github-actions · 2026-05-07T10:37:19Z

Hello @AlteredCoder and thank you for your contribution!

I'm a bot that helps maintainers to validate scenarios and ensure they include all the required information.
I've found some errors in your scenarios, please fix them and re-submit your PR, or ask for help if you need it.

The following items have errors:

crowdsecurity/crs-exclusion-plugin-cpanel:

labels not found

crowdsecurity/crs-exclusion-plugin-dokuwiki:

labels not found

crowdsecurity/crs-exclusion-plugin-drupal:

labels not found

crowdsecurity/crs-exclusion-plugin-nextcloud:

labels not found

crowdsecurity/crs-exclusion-plugin-phpbb:

labels not found

crowdsecurity/crs-exclusion-plugin-phpmyadmin:

labels not found

crowdsecurity/crs-exclusion-plugin-wordpress:

labels not found

crowdsecurity/crs-exclusion-plugin-xenforo:

labels not found

Mitre ATT&CK

Information about mitre attack can be found here.
As an example, some common mitre attack techniques:

T1110 for bruteforce attacks
T1595 and T1190 for exploitation of public vulnerabilities
T1595 for generic scanning of exposed applications

Expected format is (where XXXX is the technique ID):

labels:
  classification:
    - attack.TXXXX

CVEs

If your scenario covers a specific CVE (Common Vulnerabilities and Exposures), please add it.

Expected format is (where CVE-XXX-XXX is the CVE ID):

labels:
  classification:
    - cve.CVE-XXX-XXX

Behaviors

Please identify the behavior(s) your scenario is targeting. You can find the list of available behaviors here.

Expected format is (where <behavior> is the behavior you want to target):

labels:
  behavior: <behavior>

See the labels documentation for more information.

Change appsec scenarios mitre technique

a7e95b1

Copilot AI review requested due to automatic review settings May 7, 2026 10:34

Update appsec-native.yaml

41035d9

Copilot started reviewing on behalf of AlteredCoder May 7, 2026 10:35 View session

Update appsec-vpatch.yaml

da29f61

Copilot AI reviewed May 7, 2026

View reviewed changes

buixor approved these changes May 7, 2026

View reviewed changes

blotus approved these changes May 7, 2026

View reviewed changes

AlteredCoder merged commit 4afb043 into master May 7, 2026
6 of 7 checks passed

AlteredCoder deleted the fix-waf-scenario-mitre branch May 7, 2026 10:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Change appsec scenarios mitre technique#1792

Change appsec scenarios mitre technique#1792
AlteredCoder merged 3 commits into
masterfrom
fix-waf-scenario-mitre

AlteredCoder commented May 7, 2026

Uh oh!

github-actions Bot commented May 7, 2026

Uh oh!

github-actions Bot commented May 7, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

github-actions Bot commented May 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

AlteredCoder commented May 7, 2026

Description

Checklist

Uh oh!

github-actions Bot commented May 7, 2026

Mitre ATT&CK

CVEs

Behaviors

Uh oh!

github-actions Bot commented May 7, 2026

Mitre ATT&CK

CVEs

Behaviors

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

github-actions Bot commented May 7, 2026

Mitre ATT&CK

CVEs

Behaviors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants