diff --git a/.tests/qbittorrent-bf/config.yaml b/.tests/qbittorrent-bf/config.yaml
new file mode 100644
index 00000000000..f750f2fb123
--- /dev/null
+++ b/.tests/qbittorrent-bf/config.yaml
@@ -0,0 +1,12 @@
+parsers:
+ - crowdsecurity/syslog-logs
+ - ./parsers/s01-parse/gilbsgilbs/qbittorrent-logs.yaml
+ - "crowdsecurity/dateparse-enrich"
+scenarios:
+ - ./scenarios/gilbsgilbs/qbittorrent-bf.yaml
+postoverflows:
+ - ""
+log_file: qbittorrent-logs.log
+log_type: qbittorrent
+labels: {}
+ignore_parsers: false
diff --git a/.tests/qbittorrent-bf/parser.assert b/.tests/qbittorrent-bf/parser.assert
new file mode 100644
index 00000000000..4b030f0aebb
--- /dev/null
+++ b/.tests/qbittorrent-bf/parser.assert
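Review bot: Quoting in the `parsers` list is inconsistent — `"crowdsecurity/dateparse-enrich"` is double-quoted while `crowdsecurity/syslog-logs` and the local parser path just above it are plain scalars, and none of these values contains anything that needs quoting. Writing it as `- crowdsecurity/dateparse-enrich` keeps the list uniform and matches how `scenarios` is written below. The `- ""` entry under `postoverflows` looks like the generated hubtest placeholder rather than a real item, so it is left as is.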
@@ -0,0 +1,248 @@
+len(results) == 4
+len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 7
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "(N) 2024-11-26T01:26:58 - WebAPI login success. IP: b942:70a6:a98a:de85:0733:bf28:33fb:fc71"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:02 - WebAPI login failure. Reason: invalid credentials, attempt count: 1, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:03 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 2, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:04 - WebAPI login failure. Reason: invalid credentials, attempt count: 3, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:05 - WebAPI login failure. Reason: invalid credentials, attempt count: 4, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:06 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 5, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:07 - WebAPI login failure. Reason: IP has been banned, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 7
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == false
+len(results["s01-parse"]["gilbsgilbs/qbittorrent-logs"]) == 7
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][0].Success == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:02 - WebAPI login failure. Reason: invalid credentials, attempt count: 1, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["reason"] == "invalid credentials, attempt count: 1"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["timestamp"] == "2024-11-26T13:37:02"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:03 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 2, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["reason"] == "invalid credentials, attempt count: 2"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["timestamp"] == "2024-11-26T13:37:03"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:04 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 3, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["reason"] == "invalid credentials, attempt count: 3"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["timestamp"] == "2024-11-26T13:37:04"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:05 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 4, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["reason"] == "invalid credentials, attempt count: 4"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["timestamp"] == "2024-11-26T13:37:05"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:06 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 5, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["reason"] == "invalid credentials, attempt count: 5"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["timestamp"] == "2024-11-26T13:37:06"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:07 - WebAPI login failure. 
Reason: IP has been banned, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["reason"] == "IP has been banned"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["timestamp"] == "2024-11-26T13:37:07"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Whitelisted == false
+len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 6
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["log_level"] == "W"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:02 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 1, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["reason"] == "invalid credentials, attempt count: 1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["timestamp"] == "2024-11-26T13:37:02"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["username"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-11-26T13:37:02Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["user"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-11-26T13:37:02Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["log_level"] == "W"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:03 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 2, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["reason"] == "invalid credentials, attempt count: 2"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["timestamp"] == "2024-11-26T13:37:03"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["username"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-11-26T13:37:03Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["user"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-11-26T13:37:03Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["log_level"] == "W"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:04 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 3, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["reason"] == "invalid credentials, attempt count: 3"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["timestamp"] == "2024-11-26T13:37:04"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["username"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2024-11-26T13:37:04Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["user"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2024-11-26T13:37:04Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["log_level"] == "W"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:05 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 4, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["reason"] == "invalid credentials, attempt count: 4"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["timestamp"] == "2024-11-26T13:37:05"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["username"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2024-11-26T13:37:05Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["user"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2024-11-26T13:37:05Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["log_level"] == "W"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:06 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 5, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["reason"] == "invalid credentials, attempt count: 5"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["timestamp"] == "2024-11-26T13:37:06"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["username"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2024-11-26T13:37:06Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["user"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2024-11-26T13:37:06Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["log_level"] == "W"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:07 - WebAPI login failure. 
Reason: IP has been banned, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["reason"] == "IP has been banned"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["timestamp"] == "2024-11-26T13:37:07"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["username"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "qbittorrent"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2024-11-26T13:37:07Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["user"] == "user0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2024-11-26T13:37:07Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false
+len(results["success"][""]) == 0
diff --git a/.tests/qbittorrent-bf/qbittorrent-logs.log b/.tests/qbittorrent-bf/qbittorrent-logs.log
new file mode 100644
index 00000000000..fef166cb511
--- /dev/null
+++ b/.tests/qbittorrent-bf/qbittorrent-logs.log
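Review bot: The successful login on the first fixture line is pinned as unparsed (`results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][0].Success == false`), so the only event type this parser ever emits is `qbittorrent_failed_auth`; nothing downstream can distinguish a brute-force that eventually succeeds from one that keeps failing, and a later `WebAPI login success` from the attacking IP would be invisible to any scenario. If that is deliberate, the parser (not in this diff) should say so in a comment, otherwise a `qbittorrent_successful_auth` log_type for the `(N) … login success` line, asserted here with its `source_ip`, would make the success path testable. Separately, the pinned `Meta["timestamp"]`/`MarshaledTime` values carry a `Z` suffix, i.e. the zone-less qBittorrent timestamp was interpreted as UTC; if qBittorrent writes host-local time, replayed or cold logs would be shifted by the host offset — worth confirming before relying on these asserts for time-based bucket behaviour.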
@@ -0,0 +1,7 @@
+(N) 2024-11-26T01:26:58 - WebAPI login success. IP: b942:70a6:a98a:de85:0733:bf28:33fb:fc71
+(W) 2024-11-26T13:37:02 - WebAPI login failure. Reason: invalid credentials, attempt count: 1, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:03 - WebAPI login failure. Reason: invalid credentials, attempt count: 2, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:04 - WebAPI login failure. Reason: invalid credentials, attempt count: 3, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:05 - WebAPI login failure. Reason: invalid credentials, attempt count: 4, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:06 - WebAPI login failure. Reason: invalid credentials, attempt count: 5, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:07 - WebAPI login failure. Reason: IP has been banned, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
diff --git a/.tests/qbittorrent-bf/scenario.assert b/.tests/qbittorrent-bf/scenario.assert
new file mode 100644
index 00000000000..c75cf318331
--- /dev/null
+++ b/.tests/qbittorrent-bf/scenario.assert
@@ -0,0 +1,51 @@
+len(results) == 1
+"a839:f70d:3ed9:bf86:119b:e579:acdd:dce8" in results[0].Overflow.GetSources()
+results[0].Overflow.Sources["a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"].IP == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Sources["a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"].Range == ""
+results[0].Overflow.Sources["a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"].GetScope() == "Ip"
+results[0].Overflow.Sources["a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"].GetValue() == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_path") == "qbittorrent-logs.log"
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "qbittorrent_failed_auth"
+results[0].Overflow.Alert.Events[0].GetMeta("service") == "qbittorrent"
+results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-11-26T13:37:02Z"
+results[0].Overflow.Alert.Events[0].GetMeta("user") == "user0"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_path") == "qbittorrent-logs.log"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "qbittorrent_failed_auth"
+results[0].Overflow.Alert.Events[1].GetMeta("service") == "qbittorrent"
+results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-11-26T13:37:03Z"
+results[0].Overflow.Alert.Events[1].GetMeta("user") == "user0"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_path") == "qbittorrent-logs.log"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "qbittorrent_failed_auth"
+results[0].Overflow.Alert.Events[2].GetMeta("service") == 
"qbittorrent"
+results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-11-26T13:37:04Z"
+results[0].Overflow.Alert.Events[2].GetMeta("user") == "user0"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_path") == "qbittorrent-logs.log"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "qbittorrent_failed_auth"
+results[0].Overflow.Alert.Events[3].GetMeta("service") == "qbittorrent"
+results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-11-26T13:37:05Z"
+results[0].Overflow.Alert.Events[3].GetMeta("user") == "user0"
+results[0].Overflow.Alert.Events[4].GetMeta("datasource_path") == "qbittorrent-logs.log"
+results[0].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[4].GetMeta("log_type") == "qbittorrent_failed_auth"
+results[0].Overflow.Alert.Events[4].GetMeta("service") == "qbittorrent"
+results[0].Overflow.Alert.Events[4].GetMeta("source_ip") == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Alert.Events[4].GetMeta("timestamp") == "2024-11-26T13:37:06Z"
+results[0].Overflow.Alert.Events[4].GetMeta("user") == "user0"
+results[0].Overflow.Alert.Events[5].GetMeta("datasource_path") == "qbittorrent-logs.log"
+results[0].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[5].GetMeta("log_type") == "qbittorrent_failed_auth"
+results[0].Overflow.Alert.Events[5].GetMeta("service") == "qbittorrent"
+results[0].Overflow.Alert.Events[5].GetMeta("source_ip") == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results[0].Overflow.Alert.Events[5].GetMeta("timestamp") == "2024-11-26T13:37:07Z"
+results[0].Overflow.Alert.Events[5].GetMeta("user") == "user0"
+results[0].Overflow.Alert.GetScenario() == "gilbsgilbs/qbittorrent-bf"
+results[0].Overflow.Alert.Remediation == true
+results[0].Overflow.Alert.GetEventsCount() == 6
diff --git a/.tests/qbittorrent-logs/config.yaml b/.tests/qbittorrent-logs/config.yaml
new file mode 100644
index 00000000000..b5b5e840ced
--- /dev/null
+++ b/.tests/qbittorrent-logs/config.yaml
@@ -0,0 +1,11 @@
+parsers:
+ - crowdsecurity/syslog-logs
+ - ./parsers/s01-parse/gilbsgilbs/qbittorrent-logs.yaml
+scenarios:
+ - ""
+postoverflows:
+ - ""
+log_file: qbittorrent-logs.log
+log_type: qbittorrent
+labels: {}
+ignore_parsers: false
diff --git a/.tests/qbittorrent-logs/parser.assert b/.tests/qbittorrent-logs/parser.assert
new file mode 100644
index 00000000000..c2ea5b2b788
--- /dev/null
+++ b/.tests/qbittorrent-logs/parser.assert
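Review bot: The alert is pinned to six events (`results[0].Overflow.Alert.GetEventsCount() == 6`) although only five fixture lines are credential failures — the sixth, `Events[5]` at `13:37:07Z`, is qBittorrent's own `Reason: IP has been banned` response, which the parser still labels `qbittorrent_failed_auth` and the scenario therefore counts as another guess. Once qBittorrent has banned the source itself, every further request logs that line without a password being tried, so these events inflate the bucket and make the scenario fire on "N ban notices" rather than "N failed guesses". If counting them is intended, a short comment in the scenario (which is not part of this diff) should say so; otherwise the parser could promote `reason` into `Meta` so the scenario filter can exclude `IP has been banned` lines, and this assert would then pin `GetEventsCount() == 5`.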
@@ -0,0 +1,145 @@
+len(results) == 3
+len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 7
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "(N) 2024-11-26T01:26:58 - WebAPI login success. IP: b942:70a6:a98a:de85:0733:bf28:33fb:fc71"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:02 - WebAPI login failure. Reason: invalid credentials, attempt count: 1, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:03 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 2, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:04 - WebAPI login failure. Reason: invalid credentials, attempt count: 3, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:05 - WebAPI login failure. Reason: invalid credentials, attempt count: 4, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:06 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 5, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:07 - WebAPI login failure. Reason: IP has been banned, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "qbittorrent"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 7
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == false
+len(results["s01-parse"]["gilbsgilbs/qbittorrent-logs"]) == 7
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][0].Success == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:02 - WebAPI login failure. Reason: invalid credentials, attempt count: 1, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["reason"] == "invalid credentials, attempt count: 1"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["timestamp"] == "2024-11-26T13:37:02"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][1].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:03 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 2, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["reason"] == "invalid credentials, attempt count: 2"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["timestamp"] == "2024-11-26T13:37:03"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][2].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:04 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 3, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["reason"] == "invalid credentials, attempt count: 3"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["timestamp"] == "2024-11-26T13:37:04"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][3].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:05 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 4, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["reason"] == "invalid credentials, attempt count: 4"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["timestamp"] == "2024-11-26T13:37:05"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][4].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:06 - WebAPI login failure. 
Reason: invalid credentials, attempt count: 5, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["reason"] == "invalid credentials, attempt count: 5"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["timestamp"] == "2024-11-26T13:37:06"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][5].Evt.Whitelisted == false
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Success == true
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["log_level"] == "W"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["message"] == "(W) 2024-11-26T13:37:07 - WebAPI login failure. 
Reason: IP has been banned, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["program"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["reason"] == "IP has been banned"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["timestamp"] == "2024-11-26T13:37:07"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Parsed["username"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["datasource_path"] == "qbittorrent-logs.log"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["log_type"] == "qbittorrent_failed_auth"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["service"] == "qbittorrent"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["source_ip"] == "a839:f70d:3ed9:bf86:119b:e579:acdd:dce8"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Meta["user"] == "user0"
+results["s01-parse"]["gilbsgilbs/qbittorrent-logs"][6].Evt.Whitelisted == false
+len(results["success"][""]) == 0
diff --git a/.tests/qbittorrent-logs/qbittorrent-logs.log b/.tests/qbittorrent-logs/qbittorrent-logs.log
new file mode 100644
index 00000000000..fef166cb511
--- /dev/null
+++ b/.tests/qbittorrent-logs/qbittorrent-logs.log
@@ -0,0 +1,7 @@
+(N) 2024-11-26T01:26:58 - WebAPI login success. IP: b942:70a6:a98a:de85:0733:bf28:33fb:fc71
+(W) 2024-11-26T13:37:02 - WebAPI login failure. Reason: invalid credentials, attempt count: 1, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:03 - WebAPI login failure. Reason: invalid credentials, attempt count: 2, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:04 - WebAPI login failure. Reason: invalid credentials, attempt count: 3, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:05 - WebAPI login failure. Reason: invalid credentials, attempt count: 4, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:06 - WebAPI login failure. Reason: invalid credentials, attempt count: 5, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
+(W) 2024-11-26T13:37:07 - WebAPI login failure. Reason: IP has been banned, IP: a839:f70d:3ed9:bf86:119b:e579:acdd:dce8, username: user0
diff --git a/.tests/qbittorrent-logs/scenario.assert b/.tests/qbittorrent-logs/scenario.assert
new file mode 100644
index 00000000000..03455618a29
--- /dev/null
+++ b/.tests/qbittorrent-logs/scenario.assert
@@ -0,0 +1 @@
+len(results) == 0
diff --git a/collections/gilbsgilbs/qbittorrent.md b/collections/gilbsgilbs/qbittorrent.md
new file mode 100644
index 00000000000..06b4a2b781f
--- /dev/null
+++ b/collections/gilbsgilbs/qbittorrent.md
@@ -0,0 +1,20 @@
+## QBittorrent Collection
+
+A collection for QBittorrent:
+ - QBittorrent logs parser
+ - Bruteforce detection on the WebUI
+
+**Important note:** if you use a reverse proxy, make sure you configure your
+“trusted proxies list” in the WebUI options to avoid accidentally banning
+yourself.
+
+## Acquisition template
+
+Example acquisition for this collection:
+
+```yaml
+filenames:
+ - /config/qBittorrent/logs/qbittorrent.log
+labels:
+ type: qbittorrent
+```
diff --git a/collections/gilbsgilbs/qbittorrent.yaml b/collections/gilbsgilbs/qbittorrent.yaml
new file mode 100644
index 00000000000..fde53daf5b2
--- /dev/null
+++ b/collections/gilbsgilbs/qbittorrent.yaml
@@ -0,0 +1,9 @@
+parsers:
+ - gilbsgilbs/qbittorrent-logs
+scenarios:
+ - gilbsgilbs/qbittorrent-bf
+description: "QBittorrent support: logs and brute-force scenario"
+author: crowdsecurity
+tags:
+ - qbittorrent
+ - bruteforce
diff --git a/parsers/s01-parse/gilbsgilbs/qbittorrent-logs.md b/parsers/s01-parse/gilbsgilbs/qbittorrent-logs.md
new file mode 100644
index 00000000000..7796a8d71d2
--- /dev/null
+++ b/parsers/s01-parse/gilbsgilbs/qbittorrent-logs.md
@@ -0,0 +1,3 @@
+QBittorrent authentication failure parser.
+
+Supports default QBittorent's log format.
diff --git a/parsers/s01-parse/gilbsgilbs/qbittorrent-logs.yaml b/parsers/s01-parse/gilbsgilbs/qbittorrent-logs.yaml
new file mode 100644
index 00000000000..bc8c2a54baa
--- /dev/null
+++ b/parsers/s01-parse/gilbsgilbs/qbittorrent-logs.yaml
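Review bot: `author: crowdsecurity` in collections/gilbsgilbs/qbittorrent.yaml does not match the `gilbsgilbs/` namespace that the collection, the parser and the scenario are all published under; in the hub the author field normally names the namespace owner, so unless this item is being adopted as an official one it should read `author: gilbsgilbs`. As a minor style point, the description spells the product "QBittorrent" while the scenario's own header comment uses the project's spelling "qBittorrent"; one form should be used across the description, the README and the scenario label.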
@@ -0,0 +1,44 @@
+onsuccess: next_stage
+name: gilbsgilbs/qbittorrent-logs
+description: "Parse QBittorrent logs"
+filter: "evt.Parsed.program == 'qbittorrent'"
+nodes:
+ - grok:
+ # (W) 2024-11-26T13:56:41 - WebAPI login failure. Reason: invalid credentials, attempt count: 1, IP: b8ae:97b8:322f:20c6:c704:6441:0fbd:b782, username: someuser
+ # (W) 2024-11-26T13:37:27 - WebAPI login failure. Reason: IP has been banned, IP: b8ae:97b8:322f:20c6:c704:6441:0fbd:b782, username: someuser
+ pattern: >-
+ \(%{WORD:log_level}\) %{TIMESTAMP_ISO8601:timestamp}
+ - WebAPI login failure. Reason: %{GREEDYDATA:reason},
+ IP: %{IP:source_ip},
+ username: %{USERNAME:username}
+ apply_on: message
+ statics:
+ - meta: log_type
+ value: qbittorrent_failed_auth
+ - meta: user
+ expression: evt.Parsed.username
+statics:
+ - meta: service
+ value: qbittorrent
+ - meta: source_ip
+ expression: evt.Parsed.source_ip
+ - target: evt.StrTime
+ # FIXME QBittorrent's ISO 8601 timestamps may or may not have an explicit
+ # timezone in logs depending on system configuration. However, it seems
+ # that CrowdSec's parser limits itself to RFC3339 (+ a few manually defined
+ # formats), which mandates a timezone.
+ #
+ # As I am not able to determine the unicity of the StrTimeFormat (I'd need
+ # to provide at least a timezone-aware and a timezone-naive one), this
+ # expression will attempt to detect timestamps that are already timezone
+ # aware and only add the UTC timezone to those which aren't.
+ #
+ # See this fix upstream: https://github.com/crowdsecurity/crowdsec/pull/3346
+ # Once this is merge and released, we can safely get rid of this hack as
+ # all known formats would be supported.
+ expression: |-
+ (evt.Parsed.timestamp matches `(Z|[+-]\d{2}(:?\d{2})?(\[[^\]]+\])?)$`)
+ // Already timezone aware.
+ ? evt.Parsed.timestamp
+ // Timezone naive. Assume UTC.
+ : (evt.Parsed.timestamp + "Z")
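Review bot: `username: %{USERNAME:username}` at the end of the grok pattern only accepts the stock USERNAME character class (letters, digits, `.`, `_`, `-`), so a "WebAPI login failure" line whose username field contains anything else (a space, `@`, non-ASCII) fails the whole match, never receives `log_type: qbittorrent_failed_auth`, and is therefore invisible to the bruteforce scenario; the test log only exercises `user0`, so this gap is not covered. Since username is the last field of the line, `username: %{GREEDYDATA:username}` captures it without narrowing what qBittorrent may log there, and a test line with a non-alphanumeric username would pin the behaviour. Two smaller points on the same pattern: the `.` in `login failure.` is an unescaped regex wildcard (`failure\.` says what is meant), and the `source_ip` meta is only set when the node matched, which is fine but worth a one-line comment on the top-level `statics` so a later reader does not expect it on the login-success line. The `evt.StrTime` workaround is already documented by the FIXME block, so nothing to add there.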
diff --git a/scenarios/gilbsgilbs/qbittorrent-bf.md b/scenarios/gilbsgilbs/qbittorrent-bf.md
new file mode 100644
index 00000000000..452b2ad609c
--- /dev/null
+++ b/scenarios/gilbsgilbs/qbittorrent-bf.md
@@ -0,0 +1,3 @@
+Detect several failed QBittorrent WebUI authentications.
+
+leakspeed of 10s, capacity of 5
diff --git a/scenarios/gilbsgilbs/qbittorrent-bf.yaml b/scenarios/gilbsgilbs/qbittorrent-bf.yaml
new file mode 100644
index 00000000000..0ea6c0ce510
--- /dev/null
+++ b/scenarios/gilbsgilbs/qbittorrent-bf.yaml
@@ -0,0 +1,19 @@
+# qBittorrent bruteforce
+type: leaky
+#debug: true
+name: gilbsgilbs/qbittorrent-bf
+description: "Detect QBittorrent WebUI bruteforce"
+filter: evt.Meta.log_type == 'qbittorrent_failed_auth'
+leakspeed: "10s"
+capacity: 5
+groupby: evt.Meta.source_ip
+blackhole: 5m
+labels:
+ confidence: 3
+ spoofable: 0
+ classification:
+ - attack.T1110
+ behavior: "iot:bruteforce"
+ label: "QBittorrent Bruteforce"
+ service: qbittorrent
+ remediation: true
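Review bot: `behavior: "iot:bruteforce"` in the labels block files a web-UI login bruteforce under the IoT family; the hub taxonomy also has `http:bruteforce`, which looks like the closer fit for an HTTP login form, so this should be checked against the taxonomy before merging. The bucket keys on `groupby: evt.Meta.source_ip` and carries `remediation: true`, so behind a reverse proxy with no trusted-proxies list every failure is attributed to the proxy's address and the ban lands there; the collection README states this, but the caveat belongs next to the decision it affects, e.g. a comment above `groupby`: `# source_ip is the proxy address unless qBittorrent's trusted proxies are configured`. Note also that the "IP has been banned" line is parsed as a failed auth too, so once qBittorrent's own ban kicks in each further attempt keeps filling the bucket; that is what the .tests/qbittorrent-bf assertions rely on (6 events), and a one-line comment on `capacity` saying so would keep the two in step if either threshold changes.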