diff --git a/rules/linux/process_creation/proc_creation_lnx_clear_syslog.yml b/rules/linux/process_creation/proc_creation_lnx_clear_syslog.yml
index fc1ec32b0..b2ee22d01 100644
--- a/rules/linux/process_creation/proc_creation_lnx_clear_syslog.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_clear_syslog.yml
@@ -4,9 +4,10 @@ status: test
 description: Detects specific commands commonly used to remove or empty the syslog. Which is often used by attacker as a method to hide their tracks
 references:
     - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1070.002/T1070.002.md
+    - https://www.virustotal.com/gui/file/54d60fd58d7fa3475fa123985bfc1594df26da25c1f5fbc7dfdba15876dd8ac5/behavior
 author: Max Altgelt (Nextron Systems), Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), MSTIC
 date: 2021-10-15
-modified: 2022-09-15
+modified: 2024-10-14
 tags:
     - attack.defense-evasion
     - attack.t1070.002
@@ -27,6 +28,7 @@ detection:
             - 'mv /var/log/syslog'
             - ' >/var/log/syslog'
             - ' > /var/log/syslog'
+            - 'journalctl --vacuum'
     condition: selection
 falsepositives:
     - Log rotation.