diff --git a/rules/linux/lnx_system_info_discovery.yml b/rules/linux/lnx_system_info_discovery.yml
new file mode 100644
index 000000000..eabff7636
--- /dev/null
+++ b/rules/linux/lnx_system_info_discovery.yml
@@ -0,0 +1,48 @@
+action: global
+title: System Information Discovery
+id: 42df45e7-e6e9-43b5-8f26-bec5b39cc239
+status: stable
+description: Detects system information discovery commands
+author: Ömer Günal, oscd.community
+date: 2020/10/08
+references:
+    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md
+falsepositives:
+    - Legitimate administration activities
+level: low
+tags:
+    - attack.discovery
+    - attack.t1082
+---
+logsource:
+    product: linux
+    categories: process_creation
+detection:
+    selection:
+        ProcessName|endswith:
+          - '/uname'
+          - '/hostname'
+          - '/uptime'
+          - '/lspci'
+          - '/dmidecode'
+          - '/lscpu'
+          - '/lsmod'
+    condition: selection
+---
+logsource:
+    product: linux
+    categories: auditd
+detection:
+    selection:
+      type: 'PATH'
+      name:
+          - '/sys/class/dmi/id/bios_version'
+          - '/sys/class/dmi/id/product_name'
+          - '/sys/class/dmi/id/chassis_vendor'
+          - '/proc/scsi/scsi'
+          - '/proc/ide/hd0/model'
+          - '/proc/version'
+          - '/etc/*version'
+          - '/etc/*release'
+          - '/etc/issue'
+    condition: selection