diff --git a/rules/linux/auditd/lnx_auditd_system_info_discovery2.yml b/rules/linux/auditd/lnx_auditd_system_info_discovery2.yml
new file mode 100644
index 000000000..60f5afa4f
--- /dev/null
+++ b/rules/linux/auditd/lnx_auditd_system_info_discovery2.yml
@@ -0,0 +1,35 @@
+title: System Information Discovery
+id: 1f358e2e-cb63-43c3-b575-dfb072a6814f
+related:
+ - id: 42df45e7-e6e9-43b5-8f26-bec5b39cc239
+ type: derived
+status: stable
+description: Detects system information discovery commands
+author: Ömer Günal, oscd.community
+date: 2020/10/08
+modified: 2020/05/30
+references:
+ - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md
+tags:
+ - attack.discovery
+ - attack.t1082
+logsource:
+ product: linux
+ service: auditd
+detection:
+ selection:
+ type: 'PATH'
+ name:
+ - '/sys/class/dmi/id/bios_version'
+ - '/sys/class/dmi/id/product_name'
+ - '/sys/class/dmi/id/chassis_vendor'
+ - '/proc/scsi/scsi'
+ - '/proc/ide/hd0/model'
+ - '/proc/version'
+ - '/etc/*version'
+ - '/etc/*release'
+ - '/etc/issue'
+ condition: selection
+falsepositives:
+ - Legitimate administration activities
+level: informational
\ No newline at end of file
diff --git a/rules/linux/lnx_system_info_discovery.yml b/rules/linux/lnx_system_info_discovery.yml
index f8b68956e..21f1c28b4 100644
--- a/rules/linux/lnx_system_info_discovery.yml
+++ b/rules/linux/lnx_system_info_discovery.yml
@@ -1,5 +1,5 @@
-action: global
 title: System Information Discovery
+id: 42df45e7-e6e9-43b5-8f26-bec5b39cc239
 status: stable
 description: Detects system information discovery commands
 author: Ömer Günal, oscd.community
@@ -7,14 +7,9 @@ date: 2020/10/08
 modified: 2020/05/30
 references:
 - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md
-falsepositives:
- - Legitimate administration activities
-level: informational
 tags:
 - attack.discovery
 - attack.t1082
----
-id: 42df45e7-e6e9-43b5-8f26-bec5b39cc239
 logsource:
 product: linux
 category: process_creation
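Review bot: `modified: 2020/05/30` predates `date: 2020/10/08` in the new rule's header, so the metadata says the rule was changed five months before it was created; set `modified` to the date of this commit or drop it for a brand-new file. The detection matches only auditd `PATH` records, which the kernel emits for these files only when the host has file watches or `open`/`openat` syscall rules covering them, so the rule is silent on a default auditd configuration — worth stating up front, e.g. `description: Detects reads of system information files via auditd PATH records (requires audit watches or open/openat syscall rules on the listed paths)`. As far as I recall the `name` field of a PATH record carries the path as passed to the syscall, so a relative access such as `cat os-release` with `cwd=/etc` would presumably slip past the absolute patterns listed here; if that gap matters, note it in `falsepositives`/`description` or add a `cwd`-aware selection. Conversely `/etc/*release` and `/proc/version` are likely read routinely by system services and package tooling, so "Legitimate administration activities" undersells the expected noise even at `informational`.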
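Review bot: The process_creation rule is materially changed here (the `action: global` multi-document file is split and an `id` is added), yet the context line `modified: 2020/05/30` is left untouched and still predates `date: 2020/10/08`, so the header misrepresents both when the rule was last edited and the order of the two dates; bump it to this commit's date, e.g. `modified: <YYYY/MM/DD of this change>`. The `detection` block this file's hunks refer to starts and ends outside the hunks shown on this line.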
@@ -29,22 +24,6 @@ detection:
 - '/lscpu'
 - '/lsmod'
 condition: selection
----
-id: 1f358e2e-cb63-43c3-b575-dfb072a6814f
-logsource:
- product: linux
- service: auditd
-detection:
- selection:
- type: 'PATH'
- name:
- '/sys/class/dmi/id/bios_version'
- '/sys/class/dmi/id/product_name'
- '/sys/class/dmi/id/chassis_vendor'
- '/proc/scsi/scsi'
- '/proc/ide/hd0/model'
- '/proc/version'
- '/etc/*version'
- '/etc/*release'
- '/etc/issue'
- condition: selection
+falsepositives:
+ - Legitimate administration activities
+level: informational
\ No newline at end of file
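Review bot: The rewritten tail of the file ends without a trailing newline (`\ No newline at end of file` after `+level: informational`), which yamllint's `new-line-at-end-of-file` check flags and which turns every future append into a spurious change to this line; end the file with a single `\n`. Since this hunk removes the auditd document that now lives in `lnx_auditd_system_info_discovery2.yml`, a short comment such as `# auditd PATH-record variant: see auditd/lnx_auditd_system_info_discovery2.yml` above `falsepositives:` would tell readers where that coverage went, as only the new file carries the `related` link. The `detection:` mapping this hunk closes begins outside the hunk.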