diff --git a/.index.json b/.index.json index 73fdc050a21..46a1baa6084 100644 --- a/.index.json +++ b/.index.json @@ -4321,7 +4321,7 @@ }, "crowdsecurity/sshd": { "path": "collections/crowdsecurity/sshd.yaml", - "version": "0.3", + "version": "0.5", "versions": { "0.1": { "digest": "21159aeb87529efcf1a5033f720413d5321a6451bab679a999f7f01a7aa972b3", 
@@ -4334,10 +4334,18 @@ "0.3": { "digest": "31d549124634df1d13e67f0903b10c1816690589f4d6add6fec0ed74d30499bb", "deprecated": false + }, + "0.4": { + "digest": "f160bdac7f159746128db1f8d425d56ead03f47dfc4f0b0abfe4a6d3bc0a617b", + "deprecated": false + }, + "0.5": { + "digest": "745d8f2a0460b80546812e618cbb65c99614a159759eede8a46c6b0f9dabdc53", + "deprecated": false } }, "long_description": "IyMgU1NIRCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIHNzaGQgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6CiAtIHNzaCBwYXJzZXIKIC0gc3NoIGJydXRlZm9yY2UgJiBlbnVtZXJhdGlvbiBkZXRlY3Rpb24KIC0gc3NoICdzbG93JyBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvYXV0aC5sb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwpgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24KCg==", - "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCiAgLSBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmCmRlc2NyaXB0aW9uOiAic3NoZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmNvbnRleHRzOgogIC0gY3Jvd2RzZWN1cml0eS9iZl9iYXNlCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNzaAogIC0gYnJ1dGVmb3JjZQoK", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCiAgLSBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmCiAgLSBjcm93ZHNlY3VyaXR5L3NzaC1jdmUtMjAyNC02Mzg3CmRlc2NyaXB0aW9uOiAic3NoZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmNvbnRleHRzOgogIC0gY3Jvd2RzZWN1cml0eS9iZl9iYXNlCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNzaAogIC0gYnJ1dGVmb3JjZQoK", "description": "sshd support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, 
@@ -4346,7 +4354,8 @@ ], "scenarios": [ "crowdsecurity/ssh-bf", - "crowdsecurity/ssh-slow-bf" + "crowdsecurity/ssh-slow-bf", + "crowdsecurity/ssh-cve-2024-6387" ], "contexts": [ "crowdsecurity/bf_base" @@ -7494,7 +7503,7 @@ "crowdsecurity/sshd-logs": { "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml", "stage": "s01-parse", - "version": "2.5", + "version": "2.6", "versions": { "0.1": { "digest": "ecd40cb8cd95e2bad398824ab67b479362cdbf0e1598b8833e2f537ae3ce2f93", @@ -7595,10 +7604,14 @@ "2.5": { "digest": "72d2401186e070aeba716301c36c08b0f1c26b60b9cd76f4eb59fadfd04589ee", "deprecated": false + }, + "2.6": { + "digest": "30c49a38d17a5ace21f41cbe175164722d1bc89ca374b1520d432d94a208a725", + "deprecated": false } }, "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==", - "content": "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", + "content": "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", "description": "Parse openSSH logs", "author": "crowdsecurity", "labels": null 
@@ -13927,6 +13940,32 @@
 "spoofable": 0
 }
 },
+ "crowdsecurity/ssh-cve-2024-6387": {
+ "path": "scenarios/crowdsecurity/ssh-cve-2024-6387.yaml",
+ "version": "0.1",
+ "versions": {
+ "0.1": {
+ "digest": "1a36e33f8743790c5544faa999aa8dd062f6e2b696e16232d3a3f28576119503",
+ "deprecated": false
+ }
+ },
+ "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBvZiBDVkUtMjAyNC02Mzg3CiA=",
+ "content": "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",
+ "description": "Detect exploitation attempt of CVE-2024-6387",
+ "author": "crowdsecurity",
+ "labels": {
+ "behavior": "ssh:exploit",
+ "classification": [
+ "attack.T1190",
+ "cve.CVE-2024-6387"
+ ],
+ "confidence": 3,
+ "label": "SSH CVE-2024-6387",
+ "remediation": true,
+ "service": "ssh",
+ "spoofable": 0
+ }
+ },
 "crowdsecurity/ssh-slow-bf": {
 "path": "scenarios/crowdsecurity/ssh-slow-bf.yaml",
 "version": "0.4",
diff --git a/.tests/ssh-timeout/config.yaml b/.tests/ssh-timeout/config.yaml
new file mode 100644
index 00000000000..1d8107e7e55
--- /dev/null
+++ b/.tests/ssh-timeout/config.yaml
@@ -0,0 +1,9 @@
+parsers:
+ - ./parsers/s01-parse/crowdsecurity/sshd-logs.yaml
+ - crowdsecurity/syslog-logs
+ - crowdsecurity/dateparse-enrich
+scenarios:
+ - ./scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
+log_file: ssh-timeout.log
+log_type: syslog
+ignore_parsers: true
diff --git a/.tests/ssh-timeout/parser.assert b/.tests/ssh-timeout/parser.assert
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/.tests/ssh-timeout/scenario.assert b/.tests/ssh-timeout/scenario.assert
new file mode 100644
index 00000000000..c51a2e168db
--- /dev/null
+++ b/.tests/ssh-timeout/scenario.assert
@@ -0,0 +1,37 @@
+len(results) == 1
+"192.168.9.212" in results[0].Overflow.GetSources()
+results[0].Overflow.Sources["192.168.9.212"].IP == "192.168.9.212"
+results[0].Overflow.Sources["192.168.9.212"].Range == ""
+results[0].Overflow.Sources["192.168.9.212"].GetScope() == "Ip"
+results[0].Overflow.Sources["192.168.9.212"].GetValue() == "192.168.9.212"
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_path") == "ssh-timeout.log"
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "ssh_auth_timeout"
+results[0].Overflow.Alert.Events[0].GetMeta("machine") == "usbkey"
+results[0].Overflow.Alert.Events[0].GetMeta("service") == "ssh"
+results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "192.168.9.212"
+results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-07-01T09:30:56Z"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_path") == "ssh-timeout.log"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "ssh_auth_timeout"
+results[0].Overflow.Alert.Events[1].GetMeta("machine") == "usbkey"
+results[0].Overflow.Alert.Events[1].GetMeta("service") == "ssh"
+results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "192.168.9.212"
+results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-07-01T09:31:26Z"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_path") == "ssh-timeout.log"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "ssh_auth_timeout"
+results[0].Overflow.Alert.Events[2].GetMeta("machine") == "usbkey"
+results[0].Overflow.Alert.Events[2].GetMeta("service") == "ssh"
+results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "192.168.9.212"
+results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-07-01T09:31:56Z"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_path") == "ssh-timeout.log"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "ssh_auth_timeout"
+results[0].Overflow.Alert.Events[3].GetMeta("machine") == "usbkey"
+results[0].Overflow.Alert.Events[3].GetMeta("service") == "ssh"
+results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "192.168.9.212"
+results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-07-01T09:32:26Z"
+results[0].Overflow.Alert.GetScenario() == "crowdsecurity/ssh-cve-2024-6387"
+results[0].Overflow.Alert.Remediation == true
+results[0].Overflow.Alert.GetEventsCount() == 4
\ No newline at end of file
diff --git a/.tests/ssh-timeout/ssh-timeout.log b/.tests/ssh-timeout/ssh-timeout.log
new file mode 100644
index 00000000000..7f3d2a001ad
--- /dev/null
+++ b/.tests/ssh-timeout/ssh-timeout.log
@@ -0,0 +1,4 @@
+Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056
+Jul 1 09:31:26 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056
+Jul 1 09:31:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056
+Jul 1 09:32:26 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056
diff --git a/.tests/sshd-logs/parser.assert b/.tests/sshd-logs/parser.assert
index f92212e8db0..92a438d196e 100644
--- a/.tests/sshd-logs/parser.assert
+++ b/.tests/sshd-logs/parser.assert
@@ -1,5 +1,5 @@
 len(results) == 3
-len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 18
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 19
 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == true
 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Parsed["logsource"] == "syslog"
 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Parsed["message"] == "Invalid user pascal from 35.188.49.176 port 53502"
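Review bot: The assertions only exercise the overflow path: four `ssh_auth_timeout` events from 192.168.9.212 inside the 180 s window, with `GetEventsCount() == 4` pinning the bucket at capacity 3. Nothing checks that a source with three or fewer timeouts stays below the threshold, or that a timeout line from a second source is not folded into this bucket, so a later change to `capacity`, `leakspeed` or `groupby` in the scenario would not be caught by this test. A second hubtest directory with, for example, three timeouts from one IP and one from another, asserting `len(results) == 0`, would close that gap. The fixture's identical pid 8807 and client port 47056 on all four lines are harmless for the scenario, which keys on `source_ip` only, but they do not look like distinct connections.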
@@ -180,7 +180,17 @@ results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Meta["datasource_path"]
 results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Meta["datasource_type"] == "file"
 results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Meta["machine"] == "eve"
 results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Whitelisted == false
-len(results["s01-parse"]["crowdsecurity/sshd-logs"]) == 18
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["message"] == "fatal: Timeout before authentication for 192.168.9.212 port 47056"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["pid"] == "8807"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["timestamp"] == "Jul 1 09:30:56"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Meta["datasource_path"] == "sshd-logs.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Meta["machine"] == "usbkey"
+results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Whitelisted == false
+len(results["s01-parse"]["crowdsecurity/sshd-logs"]) == 19
 results["s01-parse"]["crowdsecurity/sshd-logs"][0].Success == true
 results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["logsource"] == "syslog"
 results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["message"] == "Invalid user pascal from 35.188.49.176 port 53502"
@@ -450,4 +460,18 @@ results["s01-parse"]["crowdsecurity/sshd-logs"][17].Evt.Meta["service"] == "ssh"
 results["s01-parse"]["crowdsecurity/sshd-logs"][17].Evt.Meta["source_ip"] == "192.168.1.2"
 results["s01-parse"]["crowdsecurity/sshd-logs"][17].Evt.Meta["target_user"] == "root"
 results["s01-parse"]["crowdsecurity/sshd-logs"][17].Evt.Whitelisted == false
-len(results["success"][""]) == 0
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Success == true
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Parsed["logsource"] == "syslog"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Parsed["message"] == "fatal: Timeout before authentication for 192.168.9.212 port 47056"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Parsed["pid"] == "8807"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Parsed["program"] == "sshd"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Parsed["sshd_client_ip"] == "192.168.9.212"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Parsed["timestamp"] == "Jul 1 09:30:56"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Meta["datasource_path"] == "sshd-logs.log"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Meta["log_type"] == "ssh_auth_timeout"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Meta["machine"] == "usbkey"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Meta["service"] == "ssh"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Meta["source_ip"] == "192.168.9.212"
+results["s01-parse"]["crowdsecurity/sshd-logs"][18].Evt.Whitelisted == false
+len(results["success"][""]) == 0
\ No newline at end of file
diff --git a/.tests/sshd-logs/sshd-logs.log b/.tests/sshd-logs/sshd-logs.log
index 188d729697f..337b440b167 100644
--- a/.tests/sshd-logs/sshd-logs.log
+++ b/.tests/sshd-logs/sshd-logs.log
@@ -16,3 +16,4 @@ Jul 7 06:11:48 node1 sshd[1625360]: Unable to negotiate with 123.123.123.123 po
 Feb 8 17:15:01 hostname sshd[1478159]: Connection reset by authenticating user root 80.94.92.63 port 49115 [preauth]
 2023-11-14T00:20:42.738197+01:00 myserver sshd[1112652]: User root from 192.168.1.1 not allowed because not listed in AllowUsers
 Apr 6 18:51:41 eve sshd[2784424]: Failed password for invalid user root from 192.168.1.2 port 51182 ssh2
+Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056
\ No newline at end of file
diff --git a/collections/crowdsecurity/sshd.yaml b/collections/crowdsecurity/sshd.yaml
index a3da3c1466d..85a5eb4eb5b 100644
--- a/collections/crowdsecurity/sshd.yaml
+++ b/collections/crowdsecurity/sshd.yaml
@@ -3,6 +3,7 @@ parsers:
 scenarios:
 - crowdsecurity/ssh-bf
 - crowdsecurity/ssh-slow-bf
+ - crowdsecurity/ssh-cve-2024-6387
 description: "sshd support : parser and brute-force detection"
 contexts:
 - crowdsecurity/bf_base
diff --git a/parsers/s01-parse/crowdsecurity/sshd-logs.yaml b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
index 71043c0d5b1..59f4db6ef2e 100644
--- a/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
+++ b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
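Review bot: The collection's `description` on the context line right after the added scenario still reads "sshd support : parser and brute-force detection", which no longer covers the `crowdsecurity/ssh-cve-2024-6387` scenario this hunk enables. That string is presumably what `cscli` and the hub listing show for the collection, so a user installing it would not learn that an exploit-attempt heuristic carrying `remediation: true` is now part of the bundle. Suggest `description: "sshd support : parser, brute-force and CVE-2024-6387 exploitation-attempt detection"`; the `.index.json` hunks earlier in this diff carry the same string and would need regenerating after the change.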
@@ -16,8 +16,9 @@ pattern_syntax:
 #following: https://github.com/crowdsecurity/crowdsec/issues/1201 - some scanners behave differently and trigger this one
 SSHD_PREAUTH_AUTHENTICATING_USER_ALT: 'Disconnected from (authenticating|invalid) user %{USERNAME:sshd_invalid_user} %{IP_WORKAROUND:sshd_client_ip} port \d+ \[preauth\]'
 SSHD_BAD_KEY_NEGOTIATION: 'Unable to negotiate with %{IP_WORKAROUND:sshd_client_ip} port \d+: no matching (host key type|key exchange method|MAC) found.'
-# in case there are blocked by /etc/ssh/sshd_config AllowUsers xx yy
+# in case they are blocked by /etc/ssh/sshd_config AllowUsers xx yy
 SSHD_NOT_ALLOWED_USER: 'User %{USERNAME:sshd_invalid_user}? from %{IP_WORKAROUND:sshd_client_ip}( port \d+)? not allowed because not listed in AllowUsers'
+ SSHD_AUTH_TIMEOUT: 'Timeout before authentication for %{IP_WORKAROUND:sshd_client_ip}( port \d+)?'
 nodes:
 - grok:
 name: "SSHD_FAIL"
@@ -103,6 +104,12 @@ nodes:
 statics:
 - meta: log_type
 value: ssh_bad_keyexchange
+ - grok:
+ name: "SSHD_AUTH_TIMEOUT"
+ apply_on: message
+ statics:
+ - meta: log_type
+ value: ssh_auth_timeout
 statics:
 - meta: service
 value: ssh
diff --git a/scenarios/crowdsecurity/ssh-cve-2024-6387.md b/scenarios/crowdsecurity/ssh-cve-2024-6387.md
new file mode 100644
index 00000000000..5524059d8ec
--- /dev/null
+++ b/scenarios/crowdsecurity/ssh-cve-2024-6387.md
@@ -0,0 +1,2 @@
+Detect exploitation attempts of CVE-2024-6387
+ 
\ No newline at end of file
diff --git a/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml b/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
new file mode 100644
index 00000000000..929d8176257
--- /dev/null
+++ b/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
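Review bot: The new `SSHD_AUTH_TIMEOUT` pattern is the only entry in this part of `pattern_syntax` without a comment saying which sshd condition it matches, and the paired grok node in the second hunk (`@@ -103,6 +104,12 @@`) is equally bare. As far as I know this is the message sshd logs when the login grace period expires before authentication completes, which idle scanners and broken clients also trigger, so the parser rightly only tags `log_type: ssh_auth_timeout` and leaves the exploit judgement to the scenario; that division of responsibility is worth stating where the next reader will look. Suggest, above the pattern: `# sshd "fatal: Timeout before authentication for <ip> port <n>" (login grace period expired); consumed by crowdsecurity/ssh-cve-2024-6387 — a single hit is not an exploit indicator by itself`. The rest of `pattern_syntax` lies outside this hunk.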
@@ -0,0 +1,20 @@
+# ssh bruteforce
+type: leaky
+name: crowdsecurity/ssh-cve-2024-6387
+description: "Detect exploitation attempt of CVE-2024-6387"
+filter: "evt.Meta.log_type == 'ssh_auth_timeout'"
+leakspeed: "180s"
+capacity: 3
+groupby: evt.Meta.source_ip
+blackhole: 1m
+reprocess: true
+labels:
+ service: ssh
+ confidence: 3
+ spoofable: 0
+ classification:
+ - attack.T1190
+ - cve.CVE-2024-6387
+ label: "SSH CVE-2024-6387"
+ behavior: "ssh:exploit"
+ remediation: true
\ No newline at end of file
diff --git a/taxonomy/behaviors.json b/taxonomy/behaviors.json
index 46a4374b7e6..30b0558d095 100644
--- a/taxonomy/behaviors.json
+++ b/taxonomy/behaviors.json
@@ -94,6 +94,11 @@
 "label": "SSH Bruteforce",
 "name": "ssh:bruteforce"
 },
+ "ssh:exploit": {
+ "description": "IP has been reported for attempting to exploit a vulnerability in SSH.",
+ "label": "SSH Exploit",
+ "name": "ssh:exploit"
+ },
 "tcp:scan": {
 "description": "IP has been reported for performing TCP port scanning.",
 "label": "TCP Scan",
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
index ee292d75a69..19c2ac562ba 100644
--- a/taxonomy/scenarios.json
+++ b/taxonomy/scenarios.json
@@ -3970,6 +3970,22 @@
 "cti": true,
 "service": "ssh"
 },
+ "crowdsecurity/ssh-cve-2024-6387": {
+ "name": "crowdsecurity/ssh-cve-2024-6387",
+ "description": "Detect exploitation attempt of CVE-2024-6387",
+ "label": "SSH CVE-2024-6387",
+ "behaviors": [],
+ "mitre_attacks": [
+ "TA0001:T1190"
+ ],
+ "confidence": 3,
+ "spoofable": 0,
+ "cti": true,
+ "service": "ssh",
+ "cves": [
+ "CVE-2024-6387"
+ ]
+ },
 "crowdsecurity/ssh-slow-bf": {
 "name": "crowdsecurity/ssh-slow-bf",
 "description": "Detect slow ssh bruteforce",
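Review bot: The header comment `# ssh bruteforce` on the first added line describes a different scenario and contradicts the `name` and `description` two lines below; it looks carried over from ssh-bf. Since this scenario bans (`remediation: true`) any source that produces four `ssh_auth_timeout` events within `leakspeed: 180s`, and that log line is also produced by clients that simply never finish authenticating, the comment is the natural place to state what is counted and why `capacity: 3` was chosen. Suggest replacing it with `# CVE-2024-6387 heuristic: the published exploitation technique needs many connections that run into the login grace timeout, so repeated "Timeout before authentication" from one source in a short window is treated as an attempt; tune capacity/leakspeed if benign probes trigger it`. The file also lacks a trailing newline (`\ No newline at end of file`), unlike the neighbouring hub files.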
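Review bot: `"behaviors": []` in the new `crowdsecurity/ssh-cve-2024-6387` entry is empty, although the scenario's labels in this same commit set `behavior: "ssh:exploit"` and taxonomy/behaviors.json gains exactly that entry, so the scenario ends up not linked to the behaviour it introduces. Unless this file is regenerated from the scenario labels by tooling I cannot see here, it should read `"behaviors": ["ssh:exploit"]`, in the same way the entry's `mitre_attacks` and `cves` arrays mirror the scenario's `classification` list.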