diff --git a/.tests/overseerr-whitelist/config.yaml b/.tests/overseerr-whitelist/config.yaml
new file mode 100644
index 00000000000..a1fe6e073f7
--- /dev/null
+++ b/.tests/overseerr-whitelist/config.yaml
@@ -0,0 +1,14 @@
+parsers:
+- crowdsecurity/syslog-logs
+- crowdsecurity/dateparse-enrich
+- crowdsecurity/nginx-logs
+- ./parsers/s02-enrich/crowdsecurity/overseerr-whitelist.yaml
+scenarios:
+- ""
+postoverflows:
+- ""
+log_file: overseerr-logs.log
+log_type: nginx
+labels: {}
+ignore_parsers: false
+override_statics: []
diff --git a/.tests/overseerr-whitelist/overseerr-logs.log b/.tests/overseerr-whitelist/overseerr-logs.log
new file mode 100644
index 00000000000..a6007f20cd0
--- /dev/null
+++ b/.tests/overseerr-whitelist/overseerr-logs.log
@@ -0,0 +1,5 @@
+2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] "GET /api/v1/request/440 HTTP/3.0" 304 0 "" ""
+2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] "GET /api/v1/request/439 HTTP/3.0" 304 0 "" ""
+2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] "GET /api/v1/request/438 HTTP/3.0" 200 3226 "" ""
+2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] "GET /api/v1/request/437 HTTP/3.0" 304 0 "" ""
+2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] "GET /api/v1/request/436 HTTP/3.0" 200 3226 "" ""
diff --git a/.tests/overseerr-whitelist/parser.assert b/.tests/overseerr-whitelist/parser.assert
new file mode 100644
index 00000000000..f49bdb32c6d
--- /dev/null
+++ b/.tests/overseerr-whitelist/parser.assert
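Review bot: The overseerr-logs.log fixture only exercises positive cases — all five lines are GET requests to `/api/v1/request/<id>` from the single address 2001:db8:1:2:3:4:5:6, and the parser.assert added alongside expects `Evt.Whitelisted == true` for each of them — so nothing in this test would fail if the overseerr-whitelist parser matched more broadly than intended. A whitelist suppresses detection for whatever it matches, so an over-broad expression is the main regression risk for this kind of parser and is worth pinning from the start. Consider adding at least one line that must stay un-whitelisted, for example a constructed request outside the Overseerr API such as `2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] "GET /login HTTP/3.0" 401 0 "" ""`, and regenerating parser.assert so that entry asserts `Evt.Whitelisted == false`. The whitelist parser itself is not part of this diff, so which field it keys on (request path, source address, or both) cannot be confirmed from here.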
@@ -0,0 +1,367 @@ +len(results) == 4 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 5 +results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/440 HTTP/3.0\" 304 0 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/439 HTTP/3.0\" 304 0 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/438 HTTP/3.0\" 200 3226 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][3].Success 
== true +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/437 HTTP/3.0\" 304 0 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/436 HTTP/3.0\" 200 3226 \"\" \"\"" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "nginx" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 5 +results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false +len(results["s01-parse"]["crowdsecurity/nginx-logs"]) == 5 +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["body_bytes_sent"] == "0" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_version"] == "3.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - 
[25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/440 HTTP/3.0\" 304 0 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["request"] == "/api/v1/request/440" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_path"] == "/api/v1/request/440" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["body_bytes_sent"] == "0" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_version"] == "3.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/439 HTTP/3.0\" 304 0 \"\" 
\"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["request"] == "/api/v1/request/439" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_path"] == "/api/v1/request/439" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["body_bytes_sent"] == "3226" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["http_version"] == "3.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/438 HTTP/3.0\" 200 3226 \"\" \"\"" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["request"] == "/api/v1/request/438" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_path"] == "/api/v1/request/438" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["body_bytes_sent"] == "0" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["http_version"] == "3.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/437 HTTP/3.0\" 304 0 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["program"] == 
"nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["request"] == "/api/v1/request/437" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_path"] == "/api/v1/request/437" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_status"] == "304" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["body_bytes_sent"] == "3226" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["http_version"] == "3.0" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/436 HTTP/3.0\" 200 3226 \"\" \"\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["program"] == "nginx" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["request"] == "/api/v1/request/436" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_path"] == "/api/v1/request/436" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_status"] == "200" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 5 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_version"] == "3.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/440 HTTP/3.0\" 304 0 \"\" \"\"" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["request"] == "/api/v1/request/440" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_path"] == "/api/v1/request/440" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == 
"0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_version"] == "3.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/439 HTTP/3.0\" 304 0 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["request"] == "/api/v1/request/439" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_path"] == "/api/v1/request/439" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["body_bytes_sent"] == "3226" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_version"] == "3.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/438 HTTP/3.0\" 200 3226 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["request"] == "/api/v1/request/438" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_path"] == "/api/v1/request/438" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "http_access-log" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_version"] == "3.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/437 HTTP/3.0\" 304 0 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["request"] == "/api/v1/request/437" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_path"] == 
"/api/v1/request/437" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "3226" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_version"] == "3.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/436 HTTP/3.0\" 200 3226 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request"] == "/api/v1/request/436" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["verb"] == "GET" 
+basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_path"] == "/api/v1/request/436" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_status"] == "200" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/overseerr-whitelist"]) == 5 +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Success == true +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["http_version"] == "3.0" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/440 HTTP/3.0\" 304 0 \"\" \"\"" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["remote_user"] == "-" 
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["request"] == "/api/v1/request/440" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["status"] == "304" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["datasource_path"]) == "overseerr-logs.log" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["http_path"] == "/api/v1/request/440" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["http_status"] == "304" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.Whitelisted == true +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][0].Evt.WhitelistReason == "Overseerr whitelist" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Success == true +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["http_version"] == "3.0" 
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/439 HTTP/3.0\" 304 0 \"\" \"\""
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["remote_user"] == "-"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["request"] == "/api/v1/request/439"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["status"] == "304"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Parsed["verb"] == "GET"
+basename(results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["datasource_path"]) == "overseerr-logs.log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["http_path"] == "/api/v1/request/439"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["http_status"] == "304"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.Whitelisted == true
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][1].Evt.WhitelistReason == "Overseerr whitelist"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Success == true
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["body_bytes_sent"] == "3226"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["http_version"] == "3.0"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/438 HTTP/3.0\" 200 3226 \"\" \"\""
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["remote_user"] == "-"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["request"] == "/api/v1/request/438"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["status"] == "200"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Parsed["verb"] == "GET"
+basename(results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["datasource_path"]) == "overseerr-logs.log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["http_path"] == "/api/v1/request/438"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["http_status"] == "200"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.Whitelisted == true
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][2].Evt.WhitelistReason == "Overseerr whitelist"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Success == true
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["body_bytes_sent"] == "0"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["http_version"] == "3.0"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/437 HTTP/3.0\" 304 0 \"\" \"\""
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["remote_user"] == "-"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["request"] == "/api/v1/request/437"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["status"] == "304"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Parsed["verb"] == "GET"
+basename(results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["datasource_path"]) == "overseerr-logs.log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["http_path"] == "/api/v1/request/437"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["http_status"] == "304"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.Whitelisted == true
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][3].Evt.WhitelistReason == "Overseerr whitelist"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Success == true
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["body_bytes_sent"] == "3226"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["http_version"] == "3.0"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["message"] == "2001:db8:1:2:3:4:5:6 - - [25/Jul/2025:10:25:21 -0400] \"GET /api/v1/request/436 HTTP/3.0\" 200 3226 \"\" \"\""
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["remote_addr"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["remote_user"] == "-"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["request"] == "/api/v1/request/436"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["status"] == "200"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["time_local"] == "25/Jul/2025:10:25:21 -0400"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Parsed["verb"] == "GET"
+basename(results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["datasource_path"]) == "overseerr-logs.log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["http_path"] == "/api/v1/request/436"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["http_status"] == "200"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["source_ip"] == "2001:db8:1:2:3:4:5:6"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Meta["timestamp"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Enriched["MarshaledTime"] == "2025-07-25T10:25:21-04:00"
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.Whitelisted == true
+results["s02-enrich"]["crowdsecurity/overseerr-whitelist"][4].Evt.WhitelistReason == "Overseerr whitelist"
+len(results["success"][""]) == 0
diff --git a/.tests/overseerr-whitelist/scenario.assert b/.tests/overseerr-whitelist/scenario.assert
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/.tests/overseerr-whitelist/scenario.assert @@ -0,0 +1 @@ + diff --git a/collections/LePresidente/overseerr.yml b/collections/LePresidente/overseerr.yml index 86786cbcc40..370d59132f3 100644 --- a/collections/LePresidente/overseerr.yml +++ b/collections/LePresidente/overseerr.yml @@ -1,5 +1,6 @@ parsers: - LePresidente/overseerr-logs + - crowdsecurity/overseerr-whitelist scenarios: - LePresidente/overseerr-bf description: "overseerr Support : parser and brute-force detection" @@ -7,4 +8,4 @@ author: LePresidente tags: - linux - brute-force - - overseerr \ No newline at end of file + - overseerr diff --git a/parsers/s01-parse/LePresidente/overseerr-logs.yaml b/parsers/s01-parse/LePresidente/overseerr-logs.yaml index a600c70ad7c..003ab01135d 100644 --- a/parsers/s01-parse/LePresidente/overseerr-logs.yaml +++ b/parsers/s01-parse/LePresidente/overseerr-logs.yaml @@ -30,6 +30,7 @@ nodes: statics: - meta: log_type value: overseerr_failed_auth + statics: - meta: service value: overseerr @@ -38,4 +39,4 @@ statics: - meta: user expression: "evt.Parsed.username" - target: evt.StrTime - expression: evt.Parsed.timestamp \ No newline at end of file + expression: evt.Parsed.timestamp diff --git a/parsers/s02-enrich/crowdsecurity/overseerr-whitelist.md b/parsers/s02-enrich/crowdsecurity/overseerr-whitelist.md new file mode 100644 index 00000000000..1fff99ca30b --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/overseerr-whitelist.md @@ -0,0 +1,4 @@ +## Overseerr Whitelist + +### Browsing Movies, Series or Requests +When scrolling fast while using Overseerr on the Movies, Series or Requests pages, many GET requests are made to ``/api/v1/(movie|tv|request)``. The http-crawl-non_statics scenario will be triggered if too many requests to the API are made too quickly unless this whitelist is used. diff --git a/parsers/s02-enrich/crowdsecurity/overseerr-whitelist.yaml b/parsers/s02-enrich/crowdsecurity/overseerr-whitelist.yaml new file mode 100644 index 00000000000..daecbde02e5 
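Review bot: The collection's `description` context line in the first hunk of collections/LePresidente/overseerr.yml still says `"overseerr Support : parser and brute-force detection"`, although the hunk now also installs `crowdsecurity/overseerr-whitelist`, so an operator reading the hub entry has no hint that the collection suppresses some events. I would change it to `description: "overseerr Support : parser, brute-force detection and API browsing whitelist"` so the whitelisting behaviour is visible before installation. The second hunk of this file only restores the missing trailing newline and needs nothing.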
--- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/overseerr-whitelist.yaml @@ -0,0 +1,7 @@ +name: crowdsecurity/overseerr-whitelist +description: "Whitelist events from overseerr" +filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']" +whitelist: + reason: "Overseerr whitelist" + expression: + - evt.Meta.http_status in ['200', '304'] && evt.Meta.http_verb == 'GET' && evt.Meta.http_path matches '^\\/api\\/v1\\/(movie|tv|request)\\/(\\d+)$' # When browsing Movies, Series or Requests diff --git a/scenarios/LePresidente/overseerr-bf.yaml b/scenarios/LePresidente/overseerr-bf.yaml index 5b1b7de5369..0d9065a23c5 100644 --- a/scenarios/LePresidente/overseerr-bf.yaml +++ b/scenarios/LePresidente/overseerr-bf.yaml @@ -5,7 +5,7 @@ filter: "evt.Meta.log_type == 'overseerr_failed_auth'" #debug: true type: leaky groupby: evt.Meta.source_ip -leakspeed: "20s" +leakspeed: 20s capacity: 5 blackhole: 1m labels: @@ -25,7 +25,7 @@ description: "Detect overseerr user enum bruteforce" filter: "evt.Meta.log_type == 'overseerr_failed_auth'" groupby: evt.Meta.source_ip distinct: evt.Meta.user -leakspeed: 10s +leakspeed: 1m capacity: 5 blackhole: 1m labels:
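Review bot: The `filter` in overseerr-whitelist.yaml keys only on `evt.Meta.service == 'http'` and the log type, so the whitelist applies to every nginx access log the agent reads rather than to Overseerr's vhost alone: any other application behind the same nginx that answers 200/304 on `/api/v1/(movie|tv|request)/<id>` would have those GETs removed from every scenario as well. Nothing in the parsed fields allows narrowing this (the fixture in parser.assert exposes remote_addr, request, status, verb and the http_* Meta keys, but no server or host name), so the limitation should be stated in overseerr-whitelist.md, together with the fact that the whitelist is per event and not per IP, so non-2xx/3xx requests from the same address still reach the scenarios. Two points of style on the expression line: Go's regexp does not need `/` escaped and the `(\\d+)` group is never used, so `'^/api/v1/(movie|tv|request)/\\d+$'` is equivalent and easier to read. The `'http_error-log'` entry in `filter` also looks dead, since error-log events presumably carry no `http_status`/`http_verb` Meta for the expression to match on — worth dropping or commenting if that is intended.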
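Review bot: The second hunk of scenarios/LePresidente/overseerr-bf.yaml changes `leakspeed` of the user-enumeration bucket (`distinct: evt.Meta.user`, `capacity: 5`) from `10s` to `1m`, which widens the window in which six distinct usernames from one `source_ip` trip the bucket roughly six-fold and so makes the scenario noticeably more sensitive, but nothing in the file records why. A comment above the line, e.g. `# 1m leak: enumeration attempts are usually spread over minutes, 10s let slow scans through`, or a note in the scenario `description`, would keep the threshold from being "corrected" back later. The first hunk only drops the quotes around `20s`, which is harmless because the plain scalar is still read as a string; the remainder of both scenario definitions lies outside the hunks.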