From 815134df7f8fdb13e3dbc4ee90d3a899e36e49ef Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Fri, 3 Sep 2021 13:30:10 +0200
Subject: [PATCH] Cleanup
---
 .../auditd/lnx_auditd_system_info_discovery.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/rules/linux/auditd/lnx_auditd_system_info_discovery.yml b/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
index 1a3d1035c..8578ba32e 100644
--- a/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
+++ b/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
@@ -1,11 +1,11 @@
-title: 'System Information Discovery'
-description: 'Detects System Information Discovery commands'
+title: System Information Discovery
+description: Detects System Information Discovery commands
 author: 'Pawel Mazur'
 status: experimental
 date: 2021/09/03
 references:
- - 'https://attack.mitre.org/techniques/T1082/'
- - 'https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md'
+ - https://attack.mitre.org/techniques/T1082/
+ - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md
 logsource:
 product: linux
 service: auditd
@@ -21,10 +21,10 @@ detection:
 a0:
 - uname
 - uptime
- condition: 'selection or selection2'
+ condition: selection or selection2
 tags:
 - attack.discovery
 - attack.t1082
 falsepositives:
- - 'Legitimate administrative activity'
+ - Legitimate administrative activity
 level: low
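Review bot: The header lines visible in the first hunk (`title` through `logsource`) carry no `id` field, and this cleanup is a natural place to add one directly under `title`, e.g. `id: <UUIDv4 placeholder>`. Sigma uses the id to identify a rule across renames and to link it from `related` entries, so a rule without one is harder to track in a detection pipeline. If the id is declared further down the file, outside this hunk, disregard this. As a smaller style point, `author: 'Pawel Mazur'` keeps its quotes while the other plain strings in the header were unquoted; `author: Pawel Mazur` would match the rest.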
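Review bot: In the second hunk the `a0` list matches `uname` and `uptime` as exact strings, so only records whose first argument is the bare command name are covered. Assuming the enclosing selection keys on EXECVE records (it starts outside this hunk), invocations logged with an absolute path, as scripts and cron jobs commonly use, would not match. Consider a sibling selection using the `endswith` modifier, e.g. `a0|endswith:` with `/uname` and `/uptime`, or state the limitation in `description` so analysts know the coverage boundary.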