diff --git a/scenarios/crowdsecurity/crowdsec-appsec-outofband.yaml b/scenarios/crowdsecurity/crowdsec-appsec-outofband.yaml
index 5be41fc39d3..662b8d69c69 100644
--- a/scenarios/crowdsecurity/crowdsec-appsec-outofband.yaml
+++ b/scenarios/crowdsecurity/crowdsec-appsec-outofband.yaml
@@ -7,9 +7,15 @@ leakspeed: 30s
 capacity: 5
 labels:
 type: exploit
+ behavior: "http:exploit"
 remediation: true
 confidence: 1
 spoofable: 0
+ classification:
+ - attack.T1190
+ label: "Triggered multiple OutOfBand CrowdSec AppSec rules"
+ service: http
+ groupby: "evt.Meta.source_ip"
 #---
 # at least requests blocked on 3 distinct URIs