wizard.sh -c will not detect all the services, only the common ones. So it depends on which services you need to monitor.
From which network are the attacks performed? If it's from a private network, maybe you are not detecting attacks because of the default whitelist that is installed.
You can confirm this by showing the parsers:
sudo cscli parsers list
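An added example (not part of the original reply, and not CrowdSec's own code) of the check described above: given the JSON listing of parsers and the source IPs used in a test, it reports which sources the default whitelist would cause to be ignored. Assumptions: the listing comes from `cscli parsers list -o json` with `name` and `status` fields, the whitelist parser is named crowdsecurity/whitelists, and its ranges are the ones in DEFAULT_WHITELIST; the sample listing and IPs are constructed.

```python
import ipaddress
import json

# Assumption: ranges shipped in the hub's crowdsecurity/whitelists parser;
# check the whitelist YAML installed on your host for the real values.
DEFAULT_WHITELIST = ["127.0.0.1/32", "::1/128", "10.0.0.0/8",
                     "172.16.0.0/12", "192.168.0.0/16"]
WHITELIST_PARSER = "crowdsecurity/whitelists"

# Constructed sample of `cscli parsers list -o json` output (field names assumed).
SAMPLE_LISTING = json.dumps({"parsers": [
    {"name": "crowdsecurity/sshd-logs", "status": "enabled"},
    {"name": "crowdsecurity/whitelists", "status": "enabled"},
]})


def whitelist_enabled(parsers_json: str) -> bool:
    """True if the whitelist parser is listed with an enabled status."""
    data = json.loads(parsers_json)
    return any(p.get("name") == WHITELIST_PARSER
               and p.get("status", "").startswith("enabled")
               for p in data.get("parsers", []))


def ignored_sources(parsers_json: str, source_ips: list) -> list:
    """Return the source IPs whose events the whitelist would discard."""
    if not whitelist_enabled(parsers_json):
        return []
    nets = [ipaddress.ip_network(n) for n in DEFAULT_WHITELIST]
    ignored = []
    for ip in source_ips:
        addr = ipaddress.ip_address(ip)
        # Compare only against networks of the same IP version.
        if any(addr.version == n.version and addr in n for n in nets):
            ignored.append(ip)
    return ignored


if __name__ == "__main__":
    tests = ["192.168.1.50", "203.0.113.7", "172.20.0.3", "172.32.0.1"]
    for ip in ignored_sources(SAMPLE_LISTING, tests):
        print(f"{ip}: whitelisted, no alert expected from this source")
```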
- name: check if Crowdsec CLI cscli exist
  stat:
    path: /usr/bin/cscli
  register: stat_result

- name: Update Crowdsec hub
  command: "cscli hub update"
  when: stat_result.stat.exists

- name: Upgrade Crowdsec hub
  command: "cscli hub upgrade"
  when: stat_result.stat.exists
become_flags: '-i' makes sudo load the http_proxy env var on the remote host (the http_proxy vars are set in /etc/profile on the remote)