Update lnx_sudo_cve_2019_14287.yml

2020-10-15 23:03:40 -03:00
parent 0ca17e88f6
commit 83bad3de98
1 changed files with 3 additions and 7 deletions
@@ -19,15 +19,11 @@ tags:
    - attack.privilege_escalation
    - attack.t1068
    - attack.t1169
---
-detection:
-    selection_keywords:
-        - '* -u#*'
-    condition: selection_keywords
--- 
 detection:
+    selection_keyword|contains:
+        - ' -u#'
    selection_user:
        USER:
            - '#-*'
            - '#*4294967295'
-    condition: selection_user
+    condition: selection_keywords or selection_user