diff --git a/.tests/foundryvtt-bf/config.yaml b/.tests/foundryvtt-bf/config.yaml
new file mode 100644
index 00000000000..1eb57df4727
--- /dev/null
+++ b/.tests/foundryvtt-bf/config.yaml
@@ -0,0 +1,13 @@
+parsers:
+ - crowdsecurity/syslog-logs
+ - crowdsecurity/dateparse-enrich
+ - ./parsers/s01-parse/eastcw/foundryvtt-logs.yaml
+scenarios:
+ - ./scenarios/eastcw/foundryvtt-bf.yaml
+postoverflows:
+ - ""
+log_file: foundryvtt-bf.log
+log_type: foundryvtt
+labels: {}
+ignore_parsers: true
+override_statics: []
diff --git a/.tests/foundryvtt-bf/foundryvtt-bf.log b/.tests/foundryvtt-bf/foundryvtt-bf.log
new file mode 100644
index 00000000000..d7e934269e6
--- /dev/null
+++ b/.tests/foundryvtt-bf/foundryvtt-bf.log
@@ -0,0 +1,8 @@
+{"ip":"192.168.1.165","level":"warn","message":"Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password","status":403,"timestamp":"2024-06-10 10:29:21"}
+{"ip":"192.168.1.165","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"51d183ff8c3b547a6a1883df","status":401,"timestamp":"2024-06-10 10:29:56"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"cac2d280a26a838e96e4aaef","status":401,"timestamp":"2024-06-10 21:12:53"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"cac2d280a26a838e96e4aaef","status":401,"timestamp":"2024-06-10 21:12:54"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"cac2d280a26a838e96e4aaef","status":401,"timestamp":"2024-06-10 21:12:54"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password","status":403,"timestamp":"2024-06-10 21:12:59"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password","status":403,"timestamp":"2024-06-10 21:13:00"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password","status":403,"timestamp":"2024-06-10 21:13:00"}
\ No newline at end of file
diff --git a/.tests/foundryvtt-bf/parser.assert b/.tests/foundryvtt-bf/parser.assert
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/.tests/foundryvtt-bf/scenario.assert b/.tests/foundryvtt-bf/scenario.assert
new file mode 100644
index 00000000000..4d67e2feb63
--- /dev/null
+++ b/.tests/foundryvtt-bf/scenario.assert
@@ -0,0 +1,57 @@
+len(results) == 1
+"::ffff:192.168.1.114" in results[0].Overflow.GetSources()
+results[0].Overflow.Sources["::ffff:192.168.1.114"].IP == "::ffff:192.168.1.114"
+results[0].Overflow.Sources["::ffff:192.168.1.114"].Range == ""
+results[0].Overflow.Sources["::ffff:192.168.1.114"].GetScope() == "Ip"
+results[0].Overflow.Sources["::ffff:192.168.1.114"].GetValue() == "::ffff:192.168.1.114"
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_path") == "foundryvtt-bf.log"
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[0].GetMeta("level") == "warn"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "foundryvtt_failed_game_auth"
+results[0].Overflow.Alert.Events[0].GetMeta("message") == "User authentication failed for user Gamemaster; invalid password"
+results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "::ffff:192.168.1.114"
+results[0].Overflow.Alert.Events[0].GetMeta("status") == "401.000000"
+results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-06-10T21:12:53Z"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_path") == "foundryvtt-bf.log"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[1].GetMeta("level") == "warn"
+results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "foundryvtt_failed_game_auth"
+results[0].Overflow.Alert.Events[1].GetMeta("message") == "User authentication failed for user Gamemaster; invalid password"
+results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "::ffff:192.168.1.114"
+results[0].Overflow.Alert.Events[1].GetMeta("status") == "401.000000"
+results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-06-10T21:12:54Z"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_path") == "foundryvtt-bf.log"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[2].GetMeta("level") == "warn"
+results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "foundryvtt_failed_game_auth"
+results[0].Overflow.Alert.Events[2].GetMeta("message") == "User authentication failed for user Gamemaster; invalid password"
+results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "::ffff:192.168.1.114"
+results[0].Overflow.Alert.Events[2].GetMeta("status") == "401.000000"
+results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-06-10T21:12:54Z"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_path") == "foundryvtt-bf.log"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[3].GetMeta("level") == "warn"
+results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "foundryvtt_failed_game_auth"
+results[0].Overflow.Alert.Events[3].GetMeta("message") == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password"
+results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "::ffff:192.168.1.114"
+results[0].Overflow.Alert.Events[3].GetMeta("status") == "403.000000"
+results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-06-10T21:12:59Z"
+results[0].Overflow.Alert.Events[4].GetMeta("datasource_path") == "foundryvtt-bf.log"
+results[0].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[4].GetMeta("level") == "warn"
+results[0].Overflow.Alert.Events[4].GetMeta("log_type") == "foundryvtt_failed_game_auth"
+results[0].Overflow.Alert.Events[4].GetMeta("message") == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password"
+results[0].Overflow.Alert.Events[4].GetMeta("source_ip") == "::ffff:192.168.1.114"
+results[0].Overflow.Alert.Events[4].GetMeta("status") == "403.000000"
+results[0].Overflow.Alert.Events[4].GetMeta("timestamp") == "2024-06-10T21:13:00Z"
+results[0].Overflow.Alert.Events[5].GetMeta("datasource_path") == "foundryvtt-bf.log"
+results[0].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[5].GetMeta("level") == "warn"
+results[0].Overflow.Alert.Events[5].GetMeta("log_type") == "foundryvtt_failed_game_auth"
+results[0].Overflow.Alert.Events[5].GetMeta("message") == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password"
+results[0].Overflow.Alert.Events[5].GetMeta("source_ip") == "::ffff:192.168.1.114"
+results[0].Overflow.Alert.Events[5].GetMeta("status") == "403.000000"
+results[0].Overflow.Alert.Events[5].GetMeta("timestamp") == "2024-06-10T21:13:00Z"
+results[0].Overflow.Alert.GetScenario() == "eastcw/foundryvtt_fast_bf"
+results[0].Overflow.Alert.Remediation == true
+results[0].Overflow.Alert.GetEventsCount() == 6
\ No newline at end of file
diff --git a/.tests/foundryvtt-logs/config.yaml b/.tests/foundryvtt-logs/config.yaml
new file mode 100644
index 00000000000..7ebb93a1ed0
--- /dev/null
+++ b/.tests/foundryvtt-logs/config.yaml
@@ -0,0 +1,13 @@
+parsers:
+ - crowdsecurity/syslog-logs
+ - crowdsecurity/dateparse-enrich
+ - ./parsers/s01-parse/eastcw/foundryvtt-logs.yaml
+scenarios:
+ - ""
+postoverflows:
+ - ""
+log_file: foundryvtt-logs.log
+log_type: foundryvtt
+labels: {}
+ignore_parsers: false
+override_statics: []
diff --git a/.tests/foundryvtt-logs/foundryvtt-logs.log b/.tests/foundryvtt-logs/foundryvtt-logs.log
new file mode 100644
index 00000000000..d7e934269e6
--- /dev/null
+++ b/.tests/foundryvtt-logs/foundryvtt-logs.log
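Review bot: These assertions pin the IPv4-mapped form of the offending address (`Sources["::ffff:192.168.1.114"].IP == "::ffff:192.168.1.114"` with `GetScope() == "Ip"` and `Remediation == true`), so the decision this scenario produces targets `::ffff:192.168.1.114` rather than `192.168.1.114`. Whether a bouncer applies that decision to the same client connecting over plain IPv4 depends on its address handling, so the fixture appears to expose a normalisation gap in the parser (`./parsers/s01-parse/eastcw/foundryvtt-logs.yaml`, not in this chunk) rather than a property worth locking in; normalising `::ffff:`-prefixed addresses to their IPv4 form before setting `source_ip` and then regenerating this file would make the remediation match the real source. The same file also pins `status` as `"401.000000"` / `"403.000000"`, the float rendering of the JSON number; emitting it as an integer string in the parser would make the meta easier to filter on and would likewise require regenerating these assertions.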
@@ -0,0 +1,8 @@
+{"ip":"192.168.1.165","level":"warn","message":"Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password","status":403,"timestamp":"2024-06-10 10:29:21"}
+{"ip":"192.168.1.165","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"51d183ff8c3b547a6a1883df","status":401,"timestamp":"2024-06-10 10:29:56"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"cac2d280a26a838e96e4aaef","status":401,"timestamp":"2024-06-10 21:12:53"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"cac2d280a26a838e96e4aaef","status":401,"timestamp":"2024-06-10 21:12:54"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"User authentication failed for user Gamemaster; invalid password","session":"cac2d280a26a838e96e4aaef","status":401,"timestamp":"2024-06-10 21:12:54"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password","status":403,"timestamp":"2024-06-10 21:12:59"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password","status":403,"timestamp":"2024-06-10 21:13:00"}
+{"ip":"::ffff:192.168.1.114","level":"warn","message":"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password","status":403,"timestamp":"2024-06-10 21:13:00"}
\ No newline at end of file
diff --git a/.tests/foundryvtt-logs/parser.assert b/.tests/foundryvtt-logs/parser.assert
new file mode 100644
index 00000000000..c54d0dfdbba
--- /dev/null
+++ b/.tests/foundryvtt-logs/parser.assert
@@ -0,0 +1,342 @@ +len(results) == 4 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 8 +results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "{\"ip\":\"192.168.1.165\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 10:29:21\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "foundryvtt" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "{\"ip\":\"192.168.1.165\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"51d183ff8c3b547a6a1883df\",\"status\":401,\"timestamp\":\"2024-06-10 10:29:56\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "foundryvtt" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:53\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "foundryvtt" 
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:54\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "foundryvtt" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:54\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "foundryvtt" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session 
cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:12:59\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "foundryvtt" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:13:00\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "foundryvtt" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][7].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:13:00\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["program"] == "foundryvtt" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 8 
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][7].Success == false +len(results["s01-parse"]["eastcw/foundryvtt-logs"]) == 8 +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Parsed["message"] == "{\"ip\":\"192.168.1.165\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 10:29:21\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Meta["message"] == "Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Meta["source_ip"] == "192.168.1.165" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Meta["status"] == "403.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Unmarshaled["foundryvtt"]["ip"] == "192.168.1.165" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" 
+results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 10:29:21" +results["s01-parse"]["eastcw/foundryvtt-logs"][0].Evt.Whitelisted == false +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Parsed["message"] == "{\"ip\":\"192.168.1.165\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"51d183ff8c3b547a6a1883df\",\"status\":401,\"timestamp\":\"2024-06-10 10:29:56\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Meta["source_ip"] == "192.168.1.165" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Meta["status"] == "401.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 10:29:56" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Unmarshaled["foundryvtt"]["ip"] == "192.168.1.165" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" 
+results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Unmarshaled["foundryvtt"]["session"] == "51d183ff8c3b547a6a1883df" +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Unmarshaled["foundryvtt"]["status"] == 401 +results["s01-parse"]["eastcw/foundryvtt-logs"][1].Evt.Whitelisted == false +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:53\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Meta["status"] == "401.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Unmarshaled["foundryvtt"]["session"] == "cac2d280a26a838e96e4aaef" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Unmarshaled["foundryvtt"]["status"] 
== 401 +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:53" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][2].Evt.Whitelisted == false +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:54\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Meta["status"] == "401.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Unmarshaled["foundryvtt"]["session"] == "cac2d280a26a838e96e4aaef" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Unmarshaled["foundryvtt"]["status"] == 401 +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:54" 
+results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][3].Evt.Whitelisted == false +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:54\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Meta["status"] == "401.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Unmarshaled["foundryvtt"]["session"] == "cac2d280a26a838e96e4aaef" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Unmarshaled["foundryvtt"]["status"] == 401 +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:54" 
+results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][4].Evt.Whitelisted == false +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:12:59\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Meta["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Meta["status"] == "403.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session 
cac2d280a26a838e96e4aaef; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:59" +results["s01-parse"]["eastcw/foundryvtt-logs"][5].Evt.Whitelisted == false +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:13:00\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Meta["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Meta["status"] == "403.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" 
+results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:13:00" +results["s01-parse"]["eastcw/foundryvtt-logs"][6].Evt.Whitelisted == false +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Success == true +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:13:00\"}" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Parsed["program"] == "foundryvtt" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Meta["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Meta["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Meta["status"] == "403.000000" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:13:00" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" 
+results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s01-parse"]["eastcw/foundryvtt-logs"][7].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 8 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "{\"ip\":\"192.168.1.165\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 10:29:21\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["message"] == "Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "192.168.1.165" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["status"] == "403.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-06-10T10:29:21Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-06-10T10:29:21Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["foundryvtt"]["ip"] == "192.168.1.165" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session 51d183ff8c3b547a6a1883df; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 10:29:21" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "{\"ip\":\"192.168.1.165\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"51d183ff8c3b547a6a1883df\",\"status\":401,\"timestamp\":\"2024-06-10 10:29:56\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "192.168.1.165" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["status"] == "401.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-06-10T10:29:56Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-06-10T10:29:56Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["foundryvtt"]["session"] == "51d183ff8c3b547a6a1883df" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["foundryvtt"]["status"] == 401 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 10:29:56" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["foundryvtt"]["ip"] == "192.168.1.165" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:53\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == 
"::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["status"] == "401.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2024-06-10T21:12:53Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2024-06-10T21:12:53Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["foundryvtt"]["session"] == "cac2d280a26a838e96e4aaef" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["foundryvtt"]["status"] == 401 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:53" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:54\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["level"] == "warn" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["status"] == "401.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2024-06-10T21:12:54Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2024-06-10T21:12:54Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["foundryvtt"]["session"] == "cac2d280a26a838e96e4aaef" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["foundryvtt"]["status"] == 401 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:54" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"User authentication failed for user Gamemaster; invalid password\",\"session\":\"cac2d280a26a838e96e4aaef\",\"status\":401,\"timestamp\":\"2024-06-10 21:12:54\"}" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["status"] == "401.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2024-06-10T21:12:54Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2024-06-10T21:12:54Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:54" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["foundryvtt"]["message"] == "User authentication failed for user Gamemaster; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["foundryvtt"]["session"] == "cac2d280a26a838e96e4aaef" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["foundryvtt"]["status"] == 401 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:12:59\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["status"] == "403.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2024-06-10T21:12:59Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2024-06-10T21:12:59Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:12:59" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:13:00\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["status"] == "403.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2024-06-10T21:13:00Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2024-06-10T21:13:00Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:13:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "{\"ip\":\"::ffff:192.168.1.114\",\"level\":\"warn\",\"message\":\"Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password\",\"status\":403,\"timestamp\":\"2024-06-10 21:13:00\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["program"] == "foundryvtt" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_path"] == "foundryvtt-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["log_type"] == "foundryvtt_failed_game_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["source_ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["status"] == "403.000000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"] == 
"2024-06-10T21:13:00Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Enriched["MarshaledTime"] == "2024-06-10T21:13:00Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Unmarshaled["foundryvtt"]["ip"] == "::ffff:192.168.1.114" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Unmarshaled["foundryvtt"]["level"] == "warn" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Unmarshaled["foundryvtt"]["message"] == "Administrator authentication failed for session cac2d280a26a838e96e4aaef; invalid password" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Unmarshaled["foundryvtt"]["status"] == 403 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Unmarshaled["foundryvtt"]["timestamp"] == "2024-06-10 21:13:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Whitelisted == false +len(results["success"][""]) == 0 \ No newline at end of file diff --git a/.tests/foundryvtt-logs/scenario.assert b/.tests/foundryvtt-logs/scenario.assert new file mode 100644 index 00000000000..e69de29bb2d diff --git a/collections/eastcw/foundryvtt.md b/collections/eastcw/foundryvtt.md new file mode 100644 index 00000000000..2dc36cdf239 --- /dev/null +++ b/collections/eastcw/foundryvtt.md 
@@ -0,0 +1,64 @@ +A collection to defend [Foundry VTT](https://foundryvtt.com/) server instances against brute force attacks: + +- Foundry VTT parser +- Foundry VTT brute force detection + +## Whitelist + +You may also want to use a whitelist to prevent Foundry triggering http-crawl-non_statics. Mine looks like this and prevents the issue for my foundry subdomain. + +```yaml +name: eastcw/foundryvtt-whitelist +description: "Whitelist events from Foundry VTT" +filter: "evt.Meta.log_type in ['http_access-log', 'http_error-log']" +whitelist: + reason: "Foundryvtt Whitelist" + expression: + - evt.Meta.http_verb in ['GET', 'HEAD'] && evt.Meta.target_fqdn == 'foundry.example.com' && evt.Parsed.static_ressource == 'false' +``` + +## Acquisition Templates + +See example acquisitions for this collection below. Foundry V12 changed the way logs are generated and now creates a new file daily. + +### For Foundry V11 and lower + +If using LOG_FILE environment variable: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.log +labels: + type: foundryvtt +``` + +If running via systemd: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.log + type: foundryvtt +``` + +### For Foundry V12 and up + +If using LOG_FILE environment variable: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.*.log +labels: + type: foundryvtt +``` + +If running via systemd: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.*.log + type: foundryvtt +``` diff --git a/collections/eastcw/foundryvtt.yaml b/collections/eastcw/foundryvtt.yaml new file mode 100644 index 00000000000..c6c43de5f60 --- /dev/null +++ b/collections/eastcw/foundryvtt.yaml @@ -0,0 +1,10 @@ +parsers: + - eastcw/foundryvtt-logs +scenarios: + - eastcw/foundryvtt-bf +description: "Foundry VTT log parsing and bruteforce protection" +author: eastcw +tags: + - linux + - brute-force + - foundryvtt 
diff --git a/parsers/s01-parse/eastcw/foundryvtt-logs.md b/parsers/s01-parse/eastcw/foundryvtt-logs.md new file mode 100644 index 00000000000..be22f45d849 --- /dev/null +++ b/parsers/s01-parse/eastcw/foundryvtt-logs.md @@ -0,0 +1,47 @@ +Parser for [Foundry VTT](https://foundryvtt.com/) server logs. + +## Acquisition Templates + +See example acquisitions for this collection below. Foundry V12 changed the way logs are generated and now creates a new file daily. + +### For Foundry V11 and lower + +If using LOG_FILE environment variable: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.log +labels: + type: foundryvtt +``` + +If running via systemd: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.log + type: foundryvtt +``` + +### For Foundry V12 and up + +If using LOG_FILE environment variable: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.*.log +labels: + type: foundryvtt +``` + +If running via systemd: + +```yaml +--- +filenames: + - /PATH_TO_YOUR_FOUNDRY_DATA/Logs/debug.*.log + type: foundryvtt +``` diff --git a/parsers/s01-parse/eastcw/foundryvtt-logs.yaml b/parsers/s01-parse/eastcw/foundryvtt-logs.yaml new file mode 100644 index 00000000000..5cff728f03f --- /dev/null +++ b/parsers/s01-parse/eastcw/foundryvtt-logs.yaml 
@@ -0,0 +1,43 @@ +name: eastcw/foundryvtt-logs +description: "Parse Foundry VTT logs" +filter: "evt.Parsed.program == 'foundryvtt' && UnmarshalJSON(evt.Line.Raw, evt.Unmarshaled, 'foundryvtt') in ['', nil]" +debug: false +onsuccess: next_stage +pattern_syntax: + DATE_YMD: "%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day}" + +grok: + pattern: "%{DATE_YMD.date} %{TIME.time}" + expression: evt.Unmarshaled.foundryvtt.timestamp +statics: + - meta: service + value: foundryvtt + - meta: source_ip + expression: evt.Unmarshaled.foundryvtt.ip + - meta: level + expression: evt.Unmarshaled.foundryvtt.level + - meta: message + expression: evt.Unmarshaled.foundryvtt.message + - meta: status + expression: evt.Unmarshaled.foundryvtt.status + - target: evt.StrTime + expression: evt.Unmarshaled.foundryvtt.timestamp +nodes: + - nodes: + - grok: + pattern: "User authentication failed for user %{USERNAME:username}; invalid password" + expression: evt.Meta.message + - statics: + - meta: log_type + value: foundryvtt_failed_game_auth + - meta: username + expression: evt.Parsed.username + - nodes: + - grok: + pattern: "Administrator authentication failed for session %{BASE16NUM:session_id}; invalid password" + expression: evt.Meta.message + - statics: + - meta: log_type + value: foundryvtt_failed_admin_auth + - meta: session_id + expression: evt.Parsed.session_id diff --git a/scenarios/eastcw/foundryvtt-bf.md b/scenarios/eastcw/foundryvtt-bf.md new file mode 100644 index 00000000000..f2f9154d2f6 --- /dev/null +++ b/scenarios/eastcw/foundryvtt-bf.md @@ -0,0 +1,3 @@ +Detect failed Foundry VTT authentications. + +Leakspeed of 30s, capacity of 5 on source IP. diff --git a/scenarios/eastcw/foundryvtt-bf.yaml b/scenarios/eastcw/foundryvtt-bf.yaml new file mode 100644 index 00000000000..00ff70003d8 --- /dev/null +++ b/scenarios/eastcw/foundryvtt-bf.yaml 
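Review bot: The added hub test does not exercise the two `log_type` branches of this parser: the `.tests/foundryvtt-bf/scenario.assert` hunk above asserts `Meta["log_type"] == "foundryvtt_failed_game_auth"` for events whose message is `Administrator authentication failed for session …`, which the second node here tags `foundryvtt_failed_admin_auth`, and the asserted Meta carries neither `username` nor `session_id`, so that assert file looks generated against an earlier parser and should be regenerated (the `parser.assert` added alongside it is empty). Separately, `meta: source_ip` keeps the IPv4-mapped form the log emits (`::ffff:192.168.1.114` in the test data); because the scenario groups on `evt.Meta.source_ip`, a client reaching the server over an IPv4-mapped socket and over plain IPv4 would fill separate buckets and the resulting decision would carry the mapped string, so consider normalising it here, e.g. `expression: trimPrefix(evt.Unmarshaled.foundryvtt.ip, '::ffff:')` if the expr runtime in use provides it (otherwise `replace(evt.Unmarshaled.foundryvtt.ip, '::ffff:', '')`). The `meta: status` static also ends up as `"403.000000"` in the test output; `string(int(evt.Unmarshaled.foundryvtt.status))` would give the plain code if that value is meant to be matched on later.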
@@ -0,0 +1,38 @@ +type: leaky +name: eastcw/foundryvtt_fast_bf +description: "Detect Foundry VTT bruteforce" + +filter: "evt.Meta.log_type in ['foundryvtt_failed_admin_auth', 'foundryvtt_failed_game_auth']" +leakspeed: 10s +capacity: 5 +groupby: evt.Meta.source_ip +blackhole: 5m +reprocess: true +labels: + service: foundryvtt + behavior: "generic:bruteforce" + classification: attack.T1110 + label: "Foundry VTT Bruteforce" + spoofable: 0 + confidence: 3 + remediation: true + +--- +type: leaky +name: eastcw/foundryvtt_slow_bf +description: "Detect Foundry VTT bruteforce" + +filter: "evt.Meta.log_type in ['foundryvtt_failed_admin_auth', 'foundryvtt_failed_game_auth']" +leakspeed: 90s +capacity: 10 +groupby: evt.Meta.source_ip +blackhole: 5m +reprocess: true +labels: + service: foundryvtt + behavior: "generic:bruteforce" + classification: attack.T1110 + label: "Foundry VTT Bruteforce" + spoofable: 0 + confidence: 3 + remediation: true
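Review bot: Nothing in the added tests asserts that these buckets fire: the `.tests/foundryvtt-bf/scenario.assert` hunk above holds only `s01-parse`/`s02-enrich` parser results and ends with `len(results["success"][""]) == 0`, and `.tests/foundryvtt-logs/scenario.assert` is added empty, although the six failures from `::ffff:192.168.1.114` between 21:12:53 and 21:13:00 in the test log should overflow the `leakspeed: 10s` / `capacity: 5` bucket; an overflow assertion such as `len(results) == 1` and `"eastcw/foundryvtt_fast_bf" in results[0].Overflow.GetScenario()` would pin that. The accompanying `scenarios/eastcw/foundryvtt-bf.md` states "Leakspeed of 30s, capacity of 5", which matches neither document here (10s/5 and 90s/10), so one of the two should be corrected. Both documents also share the same `description` and `label`, so fast and slow overflows are indistinguishable in alert text; giving the second `description: "Detect Foundry VTT slow bruteforce"` and `label: "Foundry VTT Slow Bruteforce"` follows the hub's ssh-bf / ssh-slow-bf pattern. Finally, the bucket names `eastcw/foundryvtt_fast_bf` / `eastcw/foundryvtt_slow_bf` differ from the item name `eastcw/foundryvtt-bf` that the collection references, which is unusual for hub scenario files where the first document normally carries the file's own name.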