feat: add Proxmox Backup Server (PBS) support by nicoh88 · Pull Request #1701 · crowdsecurity/hub

nicoh88 · 2026-02-25T14:01:46Z

Includes:

Parser for PBS API auth logs (pbs_failed-auth / pbs_success-auth)
Bruteforce scenario (triggers on 6 failed logins within 10s)
Complete hubtests for parser and scenario
Collection bundling the PBS setup and documentation

Thanks:
@fulljackz for Proxmox parsers and scenarios.

Includes: - Parser for PBS API auth logs (pbs_failed-auth / pbs_success-auth) - Bruteforce scenario (triggers on 6 failed logins within 10s) - Complete hubtests for parser and scenario - Collection bundling the PBS setup and documentation

sabban · 2026-03-03T10:25:03Z

Hi,

Thank you for your contribution!

It seems the tests are not passing; something is off with the parsed IP:

(L.34)  🔴  => results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][0].Evt.Parsed["client_ip"] == "31.54.38.23"
        Actual expression values:
            results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][0].Evt.Parsed["client_ip"] = '::ffff:31.54.38.23'

(L.46)  🔴  => results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][0].Evt.Meta["source_ip"] == "31.54.38.23"
        Actual expression values:
            results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][0].Evt.Meta["source_ip"] = '::ffff:31.54.38.23'

(L.50)  🔴  => results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][1].Evt.Parsed["client_ip"] == "31.54.38.23"
        Actual expression values:
            results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][1].Evt.Parsed["client_ip"] = '::ffff:31.54.38.23'

(L.62)  🔴  => results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][1].Evt.Meta["source_ip"] == "31.54.38.23"
        Actual expression values:
            results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][1].Evt.Meta["source_ip"] = '::ffff:31.54.38.23'

(L.66)  🔴  => results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][2].Evt.Parsed["client_ip"] == "31.54.38.23"
        Actual expression values:
            results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][2].Evt.Parsed["client_ip"] = '::ffff:31.54.38.23'

(L.78)  🔴  => results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][2].Evt.Meta["source_ip"] == "31.54.38.23"
        Actual expression values:
            results["s01-parse"]["nicoh88/proxmox-backup-auth-logs"][2].Evt.Meta["source_ip"] = '::ffff:31.54.38.23'

(L.95)  🔴  => results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["client_ip"] == "31.54.38.23"
        Actual expression values:
            results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["client_ip"] = '::ffff:31.54.38.23'

(L.107)  🔴  => results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "31.54.38.23"
        Actual expression values:
            results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] = '::ffff:31.54.38.23'

(L.113)  🔴  => results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["client_ip"] == "31.54.38.23"
        Actual expression values:
            results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["client_ip"] = '::ffff:31.54.38.23'

(L.125)  🔴  => results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "31.54.38.23"
        Actual expression values:
            results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] = '::ffff:31.54.38.23'

(L.131)  🔴  => results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["client_ip"] == "31.54.38.23"
        Actual expression values:
            results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["client_ip"] = '::ffff:31.54.38.23'

(L.143)  🔴  => results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "31.54.38.23"
        Actual expression values:
            results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] = '::ffff:31.54.38.23'

Did I miss something?

Regards,

nicoh88 · 2026-03-03T13:46:50Z

@sabban fixed. re-run.

nicoh88 added 2 commits February 25, 2026 14:59

feat: add Proxmox Backup Server (PBS) support

d6cf87f

Includes: - Parser for PBS API auth logs (pbs_failed-auth / pbs_success-auth) - Bruteforce scenario (triggers on 6 failed logins within 10s) - Complete hubtests for parser and scenario - Collection bundling the PBS setup and documentation

fix: proxmox-backup-auth-logs.yaml

33a521f

fix: proxmox-backup tests

6ca89b2

Merge branch 'master' into master

1053f39

sabban merged commit 1007103 into crowdsecurity:master Mar 16, 2026
3 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add Proxmox Backup Server (PBS) support#1701

feat: add Proxmox Backup Server (PBS) support#1701
sabban merged 4 commits intocrowdsecurity:masterfrom
nicoh88:master

nicoh88 commented Feb 25, 2026

Uh oh!

sabban commented Mar 3, 2026

Uh oh!

nicoh88 commented Mar 3, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

nicoh88 commented Feb 25, 2026

Uh oh!

sabban commented Mar 3, 2026

Uh oh!

nicoh88 commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

nicoh88 commented Mar 3, 2026 •

edited

Loading