Add signal criteria to community blocklist documentation

crowdsec-docs/docs/central_api/blocklist.md

@@ -15,15 +15,43 @@ The Community Blocklist is **only** available when using the Security Engine. To
 :::
 
 The rules are different for free and paying users:
- - Free users that **do not regularly** contribute get the `Community Blocklist (Lite)`
- - Free users that **do regularly** contribute get access to the `Community Blocklist`
+ - Free users that **do not regularly contribute signals** get the `Community Blocklist (Lite)`
+ - Free users that **do regularly contribute signals** get access to the `Community Blocklist`
  - Paying users get access to the `Community Blocklist (Premium)`, even if they don't contribute
 
 Regardless of the blocklist "tier" you have access to (`Lite`, `Community`, `Premium`), each Security Engine gets a tailored blocklist based on the kind of behavior you're trying to detect.
 
+## What Counts as a Signal?
+
+For your signals to be counted toward community contribution, they must meet specific criteria:
+
+### What We Count
+
+- **Signals generated by official CrowdSec scenarios from the Hub, unmodified**
+- We verify this by comparing the scenario's content hash we publish with the hash your engine reports
+
+### What We Do Not Count
+
+- **Custom scenarios you write yourself**
+- **Tainted or modified scenarios** (even small edits). We cannot reliably vet behavior once a scenario is changed, so the consensus engine ignores those signals
+
+:::info
+Modifying a parser or using a custom parser has no impact on signal validity.
+:::
+
+### Example
+
+If you only run a honeypot with a scenario you have modified, your local alerts will still fire, but the consensus engine will not use those signals. You can then show up as "not actively contributing," even though you see activity locally.
+
+### How to Make Sure Your Signals Count
+
+- **Use the scenario straight from the Hub without edits**
+- **Keep auto-updates on** so hashes stay in sync
+- **If you need custom behavior**, copy to a local scenario and use it, but understand those signals will be excluded from consensus
+
 ## Community Blocklist
 
-Free users that are actively contributing to the network (sending signal on a regular basis) have their Security Engines automatically subscribed to the *Community Blocklist*.
+Free users that are actively contributing to the network (sending signals on a regular basis) have their Security Engines automatically subscribed to the *Community Blocklist*.
 
 The content of the blocklist is unique to each Security Engine, as it mirrors the behaviours they report. For example, suppose you're running the Security Engine on a web server with WordPress. In that case, you will receive IPs performing generic attacks against web servers *and* IPs engaging in wordpress-specific attacks.
 

crowdsec-docs/versioned_docs/version-v1.7/central_api/blocklist.md

@@ -15,15 +15,43 @@ The Community Blocklist is **only** available when using the Security Engine. To
 :::
 
 The rules are different for free and paying users:
- - Free users that **do not regularly** contribute get the `Community Blocklist (Lite)`
- - Free users that **do regularly** contribute get access to the `Community Blocklist`
+ - Free users that **do not regularly contribute signals** get the `Community Blocklist (Lite)`
+ - Free users that **do regularly contribute signals** get access to the `Community Blocklist`
  - Paying users get access to the `Community Blocklist (Premium)`, even if they don't contribute
 
 Regardless of the blocklist "tier" you have access to (`Lite`, `Community`, `Premium`), each Security Engine gets a tailored blocklist based on the kind of behavior you're trying to detect.
 
+## What Counts as a Signal?
+
+For your signals to be counted toward community contribution, they must meet specific criteria:
+
+### What We Count
+
+- **Signals generated by official CrowdSec scenarios from the Hub, unmodified**
+- We verify this by comparing the scenario's content hash we publish with the hash your engine reports
+
+### What We Do Not Count
+
+- **Custom scenarios you write yourself**
+- **Tainted or modified scenarios** (even small edits). We cannot reliably vet behavior once a scenario is changed, so the consensus engine ignores those signals
+
+:::info
+Modifying a parser or using a custom parser has no impact on signal validity.
+:::
+
+### Example
+
+If you only run a honeypot with a scenario you have modified, your local alerts will still fire, but the consensus engine will not use those signals. You can then show up as "not actively contributing," even though you see activity locally.
+
+### How to Make Sure Your Signals Count
+
+- **Use the scenario straight from the Hub without edits**
+- **Keep auto-updates on** so hashes stay in sync
+- **If you need custom behavior**, copy to a local scenario and use it, but understand those signals will be excluded from consensus
+
 ## Community Blocklist
 
-Free users that are actively contributing to the network (sending signal on a regular basis) have their Security Engines automatically subscribed to the *Community Blocklist*.
+Free users that are actively contributing to the network (sending signals on a regular basis) have their Security Engines automatically subscribed to the *Community Blocklist*.
 
 The content of the blocklist is unique to each Security Engine, as it mirrors the behaviours they report. For example, suppose you're running the Security Engine on a web server with WordPress. In that case, you will receive IPs performing generic attacks against web servers *and* IPs engaging in wordpress-specific attacks.