From 1244cacfbfcd827f03e7d260e4398df53f2d1a91 Mon Sep 17 00:00:00 2001
From: Timur Zinniatullin <zinin.t@gmail.com>
Date: Tue, 25 Aug 2020 09:20:27 +0300
Subject: [PATCH] Update lnx_auditd_create_account.yml

---
 rules/linux/auditd/lnx_auditd_create_account.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rules/linux/auditd/lnx_auditd_create_account.yml b/rules/linux/auditd/lnx_auditd_create_account.yml
index 14be30c03..f3ac6df9c 100644
--- a/rules/linux/auditd/lnx_auditd_create_account.yml
+++ b/rules/linux/auditd/lnx_auditd_create_account.yml
@@ -1,12 +1,13 @@
 title: Creation Of An User Account
 id: 759d0d51-bc99-4b5e-9add-8f5b2c8e7512
 status: experimental
-description: Detects the creation of a new user account. According to MITRE ATT&CK, "such accounts may be used for persistence that do not require persistent remote access tools to be deployed on the system" 
+description: Detects the creation of a new user account. According to MITRE ATT&CK, "such accounts may be used for persistence that do not require persistent remote access tools to be deployed on the system"
 references:
     - 'MITRE Attack technique T1136; Create Account '
 date: 2020/05/18
 tags:
-    - attack.t1136
+    - attack.t1136    # an old one
+    - attack.t1136.001
     - attack.persistence
 author: Marie Euler
 logsource: