added indentation to lists per request

rules/linux/process_creation/clear_syslog.yml

@@ -15,13 +15,13 @@ logsource:
 detection:
    selection:
       CommandLine|contains:
-      - 'rm /var/log/syslog'
-      - 'rm -r /var/log/syslog'
-      - 'rm -f /var/log/syslog'
-      - 'rm -rf /var/log/syslog'
-      - 'mv /var/log/syslog'
-      - ' >/var/log/syslog'
-      - ' > /var/log/syslog'
+         - 'rm /var/log/syslog'
+         - 'rm -r /var/log/syslog'
+         - 'rm -f /var/log/syslog'
+         - 'rm -rf /var/log/syslog'
+         - 'mv /var/log/syslog'
+         - ' >/var/log/syslog'
+         - ' > /var/log/syslog'
    condition: selection
 falsepositives:
    - Log rotation.

rules/linux/process_creation/clipboard_collection.yml

@@ -17,12 +17,12 @@ detection:
       Image|contains: 'xclip'
     selection2:
       CommandLine|contains:
-      - '-selection'
-      - '-sel'
+        - '-selection'
+        - '-sel'
     selection3:
       CommandLine|contains:
-      - 'clipboard'
-      - 'clip'
+        - 'clipboard'
+        - 'clip'
     selection4:
       CommandLine|contains: '-o'
     condition: selection1 and selection2 and selection3 and selection4

rules/linux/process_creation/dd_file_overwrite.yml

@@ -19,8 +19,8 @@ detection:
       CommandLine|contains: 'of='
    selection3:
       CommandLine|contains:
-      - 'if=/dev/zero'
-      - 'if=/dev/null'
+         - 'if=/dev/zero'
+         - 'if=/dev/null'
    condition: selection1 and selection2 and selection3
 falsepositives:
    - Any user deleting files that way.