From 72fdf0da459bc110f00694a3bfedf3bc8f5e8469 Mon Sep 17 00:00:00 2001
From: Timur Zinniatullin <zinin.t@gmail.com>
Date: Tue, 4 Aug 2020 20:00:30 +0300
Subject: [PATCH] Update lnx_auditd_susp_cmds.yml

---
 rules/linux/auditd/lnx_auditd_susp_cmds.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/linux/auditd/lnx_auditd_susp_cmds.yml b/rules/linux/auditd/lnx_auditd_susp_cmds.yml
index e05847324..1b18d682c 100644
--- a/rules/linux/auditd/lnx_auditd_susp_cmds.yml
+++ b/rules/linux/auditd/lnx_auditd_susp_cmds.yml
@@ -6,7 +6,7 @@ references:
     - Internal Research - mostly derived from exploit code including code in MSF
 tags:
     - attack.execution
-    - attack.1059.004
+    - attack.t1059.004
 date: 2017/12/12
 author: Florian Roth
 logsource: