Bug/cscli/crowdsec: simulation mode with custom scenarios #1343

Closed
AlteredCoder opened this issue Mar 10, 2022 · 7 comments · Fixed by #3010
Comments

@AlteredCoder
Contributor

AlteredCoder commented Mar 10, 2022

Describe the bug

When enabling the simulation mode for a custom scenario (maybe also tainted, I didn't try) and triggering it, the decision is still emitted.

To Reproduce

  1. Have a custom scenario
  2. Disable the simulation mode with cscli simulation disable -g and enable it only for the custom scenario.
  3. Reload crowdsec
  4. Trigger the scenario
  5. Run cscli alerts list or cscli decisions list and you can see that the IP address is banned.

Expected behavior
Allow simulation for custom/tainted scenarios also.

Technical Information (please complete the following information):

  • Ubuntu
  • CrowdSec v1.3.0
@AlteredCoder AlteredCoder added the kind/bug Something isn't working label Mar 10, 2022
@AlteredCoder
Contributor Author

Hello, it seems more complicated than expected to fix the issue.
Currently, the workaround is to put the name of the scenario file instead of the name of the scenario.

For example, if a scenario called test/custom_scenario is in a file called custom_scenario.yaml, then we should enable the simulation like this:

sudo cscli simulation enable custom_scenario.yaml

And this should work.
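Two things in this thread lend themselves to a mechanical check: the reproduction steps in the issue body (which scenarios are live and which are simulated under the current configuration) and the workaround above (an exclusion written as a file name rather than as the scenario's `name:`). The script below is an added example, not code from this issue or from the crowdsec project. It assumes the simulation.yaml layout that cscli maintains (a `simulation:` boolean plus an `exclusions:` list), the documented rule that listed scenarios get the opposite of the global mode, and the `/etc/crowdsec` paths; the sample inputs at the bottom are constructed.

```python
"""Audit which CrowdSec scenarios simulation mode really covers.

Added example, not code from the issue or from crowdsec itself. It assumes the
layout of /etc/crowdsec/simulation.yaml that cscli writes:

    simulation: false          # global simulation on/off
    exclusions:                # scenarios that get the OPPOSITE of the global mode
      - crowdsecurity/ssh-bf

and that every document in /etc/crowdsec/scenarios/*.yaml has a top-level `name:`.
Parsing is line-based on purpose so the script runs without PyYAML; it covers
these two file shapes only.
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple


def parse_simulation(text: str) -> Tuple[bool, List[str]]:
    """Return (global_simulation, exclusions) from simulation.yaml text."""
    global_sim, exclusions, in_exclusions = False, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        item = re.match(r"^\s*-\s+(\S+)$", line)
        if in_exclusions and item:
            exclusions.append(item.group(1))
            continue
        in_exclusions = False                       # any other line ends the list
        flag = re.match(r"^simulation:\s*(true|false)$", line)
        if flag:
            global_sim = flag.group(1) == "true"
        elif re.match(r"^exclusions:\s*(\[\s*\])?$", line):
            in_exclusions = True
    return global_sim, exclusions


def scenario_names(yaml_text: str) -> List[str]:
    """Top-level `name:` of each document in a (possibly multi-document) scenario file."""
    names = []
    for doc in re.split(r"^---\s*$", yaml_text, flags=re.M):
        for line in doc.splitlines():
            m = re.match(r"^name:\s*['\"]?([^'\"\s]+)['\"]?\s*$", line)
            if m:
                names.append(m.group(1))
                break
    return names


def simulated(name: str, global_sim: bool, exclusions: List[str]) -> bool:
    """Documented rule: listed scenarios get the opposite of the global mode."""
    return global_sim != (name in exclusions)


def audit(sim_text: str, scenario_files: Dict[str, str]) -> Dict[str, str]:
    """Map each scenario name to 'simulated' or 'live'. Exclusion entries that
    match no scenario `name:` are reported too; an entry equal to a file name
    (the workaround quoted in this thread) is called out separately."""
    global_sim, exclusions = parse_simulation(sim_text)
    known = {n: f for f, text in scenario_files.items() for n in scenario_names(text)}
    report = {n: "simulated" if simulated(n, global_sim, exclusions) else "live"
              for n in known}
    for entry in exclusions:
        if entry in known:
            continue
        report[entry] = ("matches file name only, not a scenario name"
                         if entry in scenario_files else "unknown scenario")
    return report


def audit_dir(config_dir: str = "/etc/crowdsec") -> Dict[str, str]:
    """Run the audit against a real config directory (the path is an assumption)."""
    root = Path(config_dir)
    files = {p.name: p.read_text() for p in sorted((root / "scenarios").glob("*.yaml"))}
    return audit((root / "simulation.yaml").read_text(), files)


# Constructed sample inputs, not taken from the issue.
SAMPLE_SIMULATION = """\
simulation: false
exclusions:
  - test/custom_scenario
  - custom_scenario.yaml   # file name, not a scenario name
"""
SAMPLE_SCENARIOS = {
    "custom_scenario.yaml": "type: leaky\nname: test/custom_scenario\ncapacity: 5\n",
    "ssh-bf.yaml": ("type: leaky\nname: crowdsecurity/ssh-bf\n---\n"
                    "type: leaky\nname: crowdsecurity/ssh-bf_user-enum\n"),
}

if __name__ == "__main__":
    for scenario, state in audit(SAMPLE_SIMULATION, SAMPLE_SCENARIOS).items():
        print(f"{scenario:40} {state}")
```

On a host, call `audit_dir()` instead of the constructed samples. Entries reported as "matches file name only" or "unknown scenario" do not correspond to any scenario `name:` field, which is the first thing to verify when a scenario you expected to be simulated still produces decisions.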

@AlteredCoder
Contributor Author

This issue will be fixed during the refactor of the cwhub library.

@LuminatiHD

Maybe I haven't read it correctly, but I've tried doing that and I can't. When trying to enable the simulation for the file, it returns:
'custom_scenario.yaml' doesn't exist or is not a scenario

@LaurenceJJones
Contributor

> Maybe I haven't read it correctly, but I've tried doing that and I can't. When trying to enable the simulation for the file, it returns:
> 'custom_scenario.yaml' doesn't exist or is not a scenario

This is a 2 year old workaround that most likely does not work anymore. I will attempt to see if there is a new workaround or the original issue has been resolved.

@LaurenceJJones
Contributor

I have tested this and the original bug report has been fixed

╭─loz ~ took 17ms
╰─λ cat /etc/crowdsec/scenarios/ah.yaml
File: /etc/crowdsec/scenarios/ah.yaml
# 404 scan
type: leaky
#debug: true
name: crowdsecurity/ah
description: "Detect site scanning/probing from a single ip"
filter: "evt.Meta.service == 'http' && evt.Meta.http_status in ['404', '403', '400'] && evt.Parsed.static_ressource == 'false'"
groupby: "evt.Meta.source_ip + '/' + evt.Parsed.target_fqdn"
distinct: "evt.Meta.http_path"
capacity: 10
reprocess: false
leakspeed: "10s"
blackhole: 5m
labels:
  remediation: true
  classification:
    - attack.T1595.003
  behavior: "http:scan"
  label: "HTTP Probing"
  spoofable: 0
  service: http
  confidence: 1

╭─loz ~ took 11ms
╰─λ cscli simulation enable crowdsecurity/ah
INFO[2024-04-03T12:54:55+01:00] simulation mode for 'crowdsecurity/ah' enabled
INFO[2024-04-03T12:54:55+01:00] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.

@it-luke

it-luke commented Apr 19, 2024

What is the status of this? Simulation mode - both global and enabled only for individual custom scenarios - doesn't work for me at all on version 1.6.x.

crowdsec-crowdsec-agent-947ql:/# cscli version && cscli simulation status && cscli scenarios inspect custom/brute_force && cscli alerts list && cscli alerts inspect 1 && cscli decisions list
2024/04/19 16:33:31 version: v1.6.1-c6e40191
2024/04/19 16:33:31 Codename: alphaga
2024/04/19 16:33:31 BuildDate: 2024-04-18_13:47:41
2024/04/19 16:33:31 GoVersion: 1.21.9
2024/04/19 16:33:31 Platform: docker
2024/04/19 16:33:31 libre2: C++
2024/04/19 16:33:31 Constraint_parser: >= 1.0, <= 3.0
2024/04/19 16:33:31 Constraint_scenario: >= 1.0, <= 3.0
2024/04/19 16:33:31 Constraint_api: v1
2024/04/19 16:33:31 Constraint_acquis: >= 1.0, < 2.0
INFO[2024-04-19T16:33:31Z] global simulation: disabled                  
INFO[2024-04-19T16:33:31Z] Scenarios in simulation mode :               
INFO[2024-04-19T16:33:31Z]   - custom/brute_force                       
type: scenarios
name: custom/brute_force
file_name: brute-force.yaml
local_path: /etc/crowdsec/scenarios/brute-force.yaml
installed: true
downloaded: false
uptodate: true
tainted: false
local: true

Current metrics: 

 - (Scenario) custom/brute_force:
╭───────────────┬───────────┬──────────────┬────────┬─────────╮
│ Current Count │ Overflows │ Instantiated │ Poured │ Expired │
├───────────────┼───────────┼──────────────┼────────┼─────────┤
│ 0             │ 1         │ 1            │ 6      │ 0       │
╰───────────────┴───────────┴──────────────┴────────┴─────────╯
╭────┬──────────────┬────────────────────┬─────────┬────┬───────────┬─────────────────────────────────────────╮
│ ID │    value     │       reason       │ country │ as │ decisions │               created_at                │
├────┼──────────────┼────────────────────┼─────────┼────┼───────────┼─────────────────────────────────────────┤
│ 1  │ Ip:10.42.1.0 │ custom/brute_force │         │    │ ban:1     │ 2024-04-19 16:32:40.080501659 +0000 UTC │
╰────┴──────────────┴────────────────────┴─────────┴────┴───────────┴─────────────────────────────────────────╯

################################################################################################

 - ID           : 1
 - Date         : 2024-04-19T16:32:53Z
 - Machine      : CrowdSec [email protected]
 - Simulation   : false
 - Reason       : custom/brute_force
 - Events Count : 6
 - Scope:Value  : Ip:10.42.1.0
 - Country      : 
 - AS           : 
 - Begin        : 2024-04-19 16:32:40.080501659 +0000 UTC
 - End          : 2024-04-19 16:32:52.848885005 +0000 UTC
 - UUID         : 31342e93-fbcc-430d-ad28-10a47bab32a1

 - Active Decisions  :
╭────┬──────────────┬────────┬──────────────────┬──────────────────────╮
│ ID │ scope:value  │ action │    expiration    │      created_at      │
├────┼──────────────┼────────┼──────────────────┼──────────────────────┤
│ 1  │ Ip:10.42.1.0 │ ban    │ 59m20.978523943s │ 2024-04-19T16:32:53Z │
╰────┴──────────────┴────────┴──────────────────┴──────────────────────╯
╭────┬──────────┬──────────────┬────────────────────┬────────┬─────────┬────┬────────┬──────────────────┬──────────╮
│ ID │  Source  │ Scope:Value  │       Reason       │ Action │ Country │ AS │ Events │    expiration    │ Alert ID │
├────┼──────────┼──────────────┼────────────────────┼────────┼─────────┼────┼────────┼──────────────────┼──────────┤
│ 1  │ crowdsec │ Ip:10.42.1.0 │ custom/brute_force │ ban    │         │    │ 6      │ 59m20.914209538s │ 1        │
╰────┴──────────┴──────────────┴────────────────────┴────────┴─────────┴────┴────────┴──────────────────┴──────────╯

On version 1.5.5 global simulation works as expected, and enabled only for a custom scenario works after applying the previously mentioned workaround.

@LaurenceJJones
Contributor

> What is the status of this? Simulation mode - both global and enabled only for individual custom scenarios - doesn't work for me at all on version 1.6.x.
>
> On version 1.5.5 global simulation works as expected, and enabled only for a custom scenario works after applying the previously mentioned workaround.

Yes, we found a bug introduced by 1.6.0; we will be fixing this for 1.6.2, which we expect to be within a month.
