up

Author: buixor

crowdsec-docs/docs/configuration/crowdsec_configuration.md

@@ -50,27 +50,39 @@ Enabled alert context for Local API and Log Processor.
 
 ### `/etc/crowdsec/hub/`
 
-Local Hub Mirror.
+Local Hub Mirror. Not itended to be modified by the user. Do not put custom scenarios/parsers here.
 
 ### `/etc/crowdsec/local_api_credentials.yaml` and `/etc/crowdsec/online_api_credentials.yaml`
 
 Credentials for Local API and Central API.
 
 ### `/etc/crowdsec/parsers`
 
-Contains all parsers enabled on the Log Processor, organised in stages:
+Contains all parsers enabled on the Log Processor, including local parsers, organised in stages:
  - `/etc/crowdsec/parsers/s00-raw/*.yaml` : parsers for based formats such as syslog.
  - `/etc/crowdsec/parsers/s01-parse/*.yaml` : service specific parsers such as nginx or ssh.
  - `/etc/crowdsec/parsers/s02-enrich/*.yaml` : enrichment parsers and whitelists.
 
+
 ### `/etc/crowdsec/scenarios`
 
-Contains all scenarios enabled on the Log Processor.
+Contains all scenarios enabled on the Log Processor, including local scenarios.
 
 ### `/etc/crowdsec/profiles.yaml`
 
 Contains profiles used by Local API to eventually turn alerts into decisions or dispatch them to notification plugins.
 
+### `/etc/crowdsec/notifications/*.yaml`
+
+Contains notification plugins configuration (slack, email, splunk, etc.)
+
+### `/etc/crowdsec/appsec-configs/*.yaml`
+
+Contains AppSec (WAF) configuration indicating which rules or loaded in `inband` and `outofband` files, as well as eventual `hooks` configuration.
+
+### `/etc/crowdsec/appsec-rules/*.yaml`
+
+Contains individual AppSec (WAF) rules loaded by `appsec-configs` files.
 
 ## Environment variables