diff --git a/.tests/dropbear-logs/dropbear-logs.log b/.tests/dropbear-logs/dropbear-logs.log
index f44168b85ee..8edc774f1bb 100644
--- a/.tests/dropbear-logs/dropbear-logs.log
+++ b/.tests/dropbear-logs/dropbear-logs.log
@@ -1,3 +1,5 @@
 Exit (root): Disconnect received
 Bad PAM password attempt for 'foobar' from 192.168.9.163:49242
-Login attempt for nonexistent user from 192.168.9.163:49906
\ No newline at end of file
+Login attempt for nonexistent user from 192.168.9.163:49906
+Exit before auth from <8.218.205.116:35928>: Bad buf_getptr
+
diff --git a/.tests/dropbear-logs/parser.assert b/.tests/dropbear-logs/parser.assert
index a302879a070..dd80a40f3e2 100644
--- a/.tests/dropbear-logs/parser.assert
+++ b/.tests/dropbear-logs/parser.assert
@@ -1,25 +1,35 @@
 len(results) == 3
-len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 3
+len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 4
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "Exit (root): Disconnect received"
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "dropbear"
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "dropbear-logs.log"
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false
 results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true
 results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "Bad PAM password attempt for 'foobar' from 192.168.9.163:49242"
 results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "dropbear"
 results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "dropbear-logs.log"
 results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false
 results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true
 results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "Login attempt for nonexistent user from 192.168.9.163:49906"
 results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "dropbear"
 results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "dropbear-logs.log"
 results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file"
-len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 3
+results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "Exit before auth from <8.218.205.116:35928>: Bad buf_getptr"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "dropbear"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "dropbear-logs.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 4
 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false
 results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false
 results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false
-len(results["s01-parse"]["crowdsecurity/dropbear-logs"]) == 3
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false
+len(results["s01-parse"]["crowdsecurity/dropbear-logs"]) == 4
 results["s01-parse"]["crowdsecurity/dropbear-logs"][0].Success == false
 results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Success == true
 results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Parsed["message"] == "Bad PAM password attempt for 'foobar' from 192.168.9.163:49242"
@@ -33,13 +43,27 @@ results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["log_type"] == "
 results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["service"] == "dropbear"
 results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["source_ip"] == "192.168.9.163"
 results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["target_user"] == "foobar"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Success == true
-results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["program"] == "dropbear"
-results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["source_ip"] == "192.168.9.163"
 results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["message"] == "Login attempt for nonexistent user from 192.168.9.163:49906"
 results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["port"] == "49906"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["program"] == "dropbear"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["source_ip"] == "192.168.9.163"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_path"] == "dropbear-logs.log"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_type"] == "file"
 results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["log_type"] == "ssh_failed-auth"
 results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["service"] == "dropbear"
 results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["source_ip"] == "192.168.9.163"
-results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_path"] == "dropbear-logs.log"
-results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Whitelisted == false
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Success == true
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["message"] == "Exit before auth from <8.218.205.116:35928>: Bad buf_getptr"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["port"] == "35928"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["program"] == "dropbear"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["source_ip"] == "8.218.205.116"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["datasource_path"] == "dropbear-logs.log"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["log_type"] == "ssh_failed-auth"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["service"] == "dropbear"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["source_ip"] == "8.218.205.116"
+results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Whitelisted == false
+len(results["success"][""]) == 0