From 2dec2ae9c06efc4e1f6dc3f297bc683d1733f02e Mon Sep 17 00:00:00 2001
From: Laurence <laurence.jones@live.co.uk>
Date: Wed, 11 Oct 2023 15:47:24 +0100
Subject: [PATCH] Mad lad updates

---
 crowdsec-docs/docs/profiles/captcha_profile.md | 6 ++++++
 crowdsec-docs/docs/profiles/cti_profile.md     | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/crowdsec-docs/docs/profiles/captcha_profile.md b/crowdsec-docs/docs/profiles/captcha_profile.md
index f45d2668..b528ce76 100644
--- a/crowdsec-docs/docs/profiles/captcha_profile.md
+++ b/crowdsec-docs/docs/profiles/captcha_profile.md
@@ -6,6 +6,10 @@ sidebar_position: 2
 
 Here is an example of a profile that provides users with a captcha challenge when they trigger a HTTP scenario.
 
+:::info
+You **MUST** have configured a remediation component that supports captcha challenges, see [Remediation](/bouncers/intro.md).
+:::
+
 ```yaml
 name: captcha_remediation
 filters:
@@ -26,6 +30,8 @@ decisions:
 on_success: break
 ```
 
+The key piece of profile to point out is the `on_success` directive. It is set to `break` to ensure that the alert will not be evaluated by other profiles so the offender will only get a captcha decision.
+
 However, you may want to provide a limit to captcha challenges within a period of time to a given IP address because they may ignore your captcha challenges and still cause load on your server.
 
 You can use the `GetDecisionsCount` or `GetDecisionsSinceCount` helper to achieve this:
diff --git a/crowdsec-docs/docs/profiles/cti_profile.md b/crowdsec-docs/docs/profiles/cti_profile.md
index ccea7637..69a448fe 100644
--- a/crowdsec-docs/docs/profiles/cti_profile.md
+++ b/crowdsec-docs/docs/profiles/cti_profile.md
@@ -1,7 +1,7 @@
 ---
 id: cti_profile
 title: CrowdSec CTI
-sidebar_position: 2
+sidebar_position: 1
 ---
 
 Here is an example of a profile that uses the CTI module to make decisions based on the background noise score of an IP address.
@@ -52,7 +52,8 @@ decisions:
  - type: ban
    duration: 12h
 duration_expr: "Sprintf('%dm', (240 + (144 * CrowdsecCTI(Alert.GetValue()).GetBackgroundNoiseScore()))"
-## 240 minutes (4 hours) + 144 minutes (2 hours) per point of background noise score
+## 240 minutes (4 hours) + 144 minutes per point of background noise score
+## 144 = 24 * 60 / 10
 on_success: break
 ---
 name: default_ip_remediation