From 8bd859f55067c73ed74debec50b762ced43f0e8d Mon Sep 17 00:00:00 2001
From: zakibro <48967550+zakibro@users.noreply.github.com>
Date: Fri, 3 Sep 2021 13:07:42 +0200
Subject: [PATCH] Update lnx_auditd_system_info_discovery.yml
---
 rules/linux/auditd/lnx_auditd_system_info_discovery.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/linux/auditd/lnx_auditd_system_info_discovery.yml b/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
index 56fba47f7..1a3d1035c 100644
--- a/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
+++ b/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
@@ -16,12 +16,12 @@ detection:
 - /etc/lsb-release
 - /etc/redhat-release
 - /etc/issue
- condition: 'selection or selection2'
- selection2:
+ selection2:
 type: EXECVE
 a0:
 - uname
 - uptime
+ condition: 'selection or selection2'
 tags:
 - attack.discovery
 - attack.t1082
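Review bot: The `a0:` list under `selection2` compares the whole field against the bare names `uname` and `uptime`, so an EXECVE record whose argv[0] is a full path such as `/usr/bin/uname` would not match. If that coverage is wanted, `a0|endswith:` with the same two values would catch both forms. Because a0 is whatever the calling process supplied as argv[0], this stays a name-based match; a comment in the rule saying so, or a companion selection on the SYSCALL record's `exe` field, would make the limitation explicit. Both commands are also common in benign scripts and monitoring agents, so it is worth checking that the rule's `falsepositives` and `level` fields reflect that. The `detection:` block starts above the hunk, so `selection` is not visible here.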