saving uncommitted changes in /etc prior to dnf run

crowdsec/hub/scenarios/crowdsecurity/http-xss-probing.yaml

@@ -15,6 +15,11 @@ blackhole: 5m
 #low false positives approach : we require distinct payloads to avoid false positives
 distinct: evt.Parsed.http_args
 labels:
-  service: http
-  type: xss_probing
   remediation: true
+  classification:
+    - attack.T1595.002
+  behavior: "http:exploit"
+  label: "XSS Attempt"
+  spoofable: 0
+  service: http
+  confidence: 3