From 83bad3de983f0e85d561a7e27ed0042df230e793 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 23:03:40 -0300
Subject: [PATCH] Update lnx_sudo_cve_2019_14287.yml
---
 rules/linux/lnx_sudo_cve_2019_14287.yml | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/rules/linux/lnx_sudo_cve_2019_14287.yml b/rules/linux/lnx_sudo_cve_2019_14287.yml
index ff20897bb..d75d4d0f9 100644
--- a/rules/linux/lnx_sudo_cve_2019_14287.yml
+++ b/rules/linux/lnx_sudo_cve_2019_14287.yml
@@ -19,15 +19,11 @@ tags:
 - attack.privilege_escalation
 - attack.t1068
 - attack.t1169
----
-detection:
- selection_keywords:
- - '* -u#*'
- condition: selection_keywords
----
 detection:
+ selection_keyword|contains:
+ - ' -u#'
 selection_user:
 USER:
 - '#-*'
 - '#*4294967295'
- condition: selection_user
\ No newline at end of file
+ condition: selection_keywords or selection_user
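Review bot: The new `condition: selection_keywords or selection_user` references `selection_keywords`, but the selection added in this hunk is named `selection_keyword|contains`, so the condition points at an identifier the detection block never defines and the rule may fail to convert or silently lose the `-u#` keyword match. In Sigma, value modifiers such as `|contains` attach to field names inside a selection, not to the selection identifier, so the key is probably read as a literal name. I would write the keyword selection as `selection_keywords:` with the list item `- '* -u#*'` (wildcards as in the removed block), leaving the condition line as is. The rule header and logsource are outside this hunk, so whether keyword matching is supported for that log source could not be checked here.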