name: enforce_mfa
#debug: true
filters:
 - 'Alert.Remediation == true && Alert.GetScenario() == "crowdsecurity/ssh-enforce-mfa" && Alert.GetScope() == "username"'
decisions: #remediation vs decision
 - type: enforce_mfa
   scope: "username"
   duration: 1h
on_success: continue
---
name: default_ip_remediation
#debug: true
filters:
#  try types.Ip here :)
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
 - type: ban
   duration: 1h
on_success: break
---
#this one won't be reached ^^
name: default_ip_remediation_2
#debug: true
filters:
#  try types.Ip here :)
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
 - type: ratatatata
   duration: 1h
on_success: break