Update lnx_auditd_system_info_discovery.yml

2021-09-03 13:07:42 +02:00
parent 864286e206
commit 8bd859f550
1 changed files with 2 additions and 2 deletions
@@ -16,12 +16,12 @@ detection:
           - /etc/lsb-release
           - /etc/redhat-release
           - /etc/issue
-    condition: 'selection or selection2'
-    selection2:
+   selection2:
       type: EXECVE
       a0:
           - uname
           - uptime
+    condition: 'selection or selection2'
 tags:
   - attack.discovery
   - attack.t1082