From 11e7bdc7270e7cae1be6f464bd8f8087f93f5d97 Mon Sep 17 00:00:00 2001
From: zinint
Date: Wed, 30 Oct 2019 22:59:46 +0300
Subject: [PATCH] Update lnx_network_sniffing.yml
---
 rules/linux/auditd/lnx_network_sniffing.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/linux/auditd/lnx_network_sniffing.yml b/rules/linux/auditd/lnx_network_sniffing.yml
index 31879c528..70cae6654 100644
--- a/rules/linux/auditd/lnx_network_sniffing.yml
+++ b/rules/linux/auditd/lnx_network_sniffing.yml
@@ -23,7 +23,7 @@ detection:
 a0: 'tshark'
 a1: '-c'
 a3: '-i'
- condition: 1 of them
+ condition: selection1 or selection2
 falsepositives:
 - Admin activity
 level: low
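Review bot: The tshark selection just above the changed line pins `-c` to `a1` and `-i` to `a3`, so the rule matches only that exact argument order, and spelling the condition out as `selection1 or selection2` does not widen that coverage. An invocation with the options in a different position, or with argv[0] recorded as a full path rather than the bare name in `a0`, would presumably not match. Since the rule is already `level: low`, consider keying on the binary name alone or adding selections for the other orderings. selection1 and the start of the `detection:` block lie outside the hunk, so this is inferred from the tshark selection only. The explicit condition also has to be extended by hand whenever a selection is added; a comment such as `# keep in sync with the selections above` beside `condition:` would make that visible.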