diff --git a/rules/linux/lnx_clear_logs.yml b/rules/linux/lnx_clear_logs.yml
index d914293bb..057fb4702 100644
--- a/rules/linux/lnx_clear_logs.yml
+++ b/rules/linux/lnx_clear_logs.yml
@@ -8,6 +8,7 @@ references:
 - https://attack.mitre.org/techniques/T1070/002/
 logsource:
 product: linux
+ category: process_creation
 detection:
 keywords:
 - Commands|contains:
@@ -15,6 +16,8 @@ detection:
 - 'shred -u /var/log*'
 - 'echo * > /var/log*'
 - 'rmdir * /var/log*'
+ - 'rm * /private/var/audit/*'
+ - 'rm * /private/var/log/system.log*'
 condition: keywords
 falsepositives:
 - Legitimate administration activities
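Review bot: The added `category: process_creation` does not line up with the detection block directly below it, which matches on a `Commands` field nested inside `keywords`; for the process_creation category the field backends map is `CommandLine`, and a mapping inside a `keywords` list is not the standard Sigma form, so the rule may convert into a search on a field that does not exist once this category is set. If process_creation is the intended source, the detection should become `selection:` / `CommandLine|contains:` with the same value list and `condition: selection`; if the `Commands` field is deliberate for some other log source, add a comment above the `logsource` block saying which source produces it so the category is not taken at face value. The `detection` block continues in the next hunk.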
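Review bot: The two new patterns `rm * /private/var/audit/*` and `rm * /private/var/log/system.log*` point at macOS locations (the `/private/var/audit` BSM audit trail and `/private/var/log/system.log`, as far as I know), but this rule lives in `rules/linux/` with `product: linux`, so on Linux hosts they add noise-free dead weight and on macOS hosts the rule is never applied. They would be better placed in a macOS-scoped rule (`product: macos`) or the logsource should be widened deliberately, with a comment noting the platform split. Separately, the space-delimited `rm * /private/...` form only matches when at least one argument sits between `rm` and the path, so a plain `rm /private/var/audit/<file>` is missed; `rm*/private/var/audit/*` covers both cases and matches the coverage intent of the existing `/var/log*` entries.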