From f69ac5c345e6a21dc50bfbf5bb09e19bfc8a3235 Mon Sep 17 00:00:00 2001
From: RobertN87 <128402924+RobertN87@users.noreply.github.com>
Date: Tue, 21 Oct 2025 20:17:56 +0200
Subject: [PATCH] Merge PR #5714 from @RobertN87 - Add missing MITRE tactics for 2 rules

chore: add missing MITRE tactics for 2 rules
---
 .../linux/process_creation/proc_creation_lnx_pua_trufflehog.yml | 1 +
 .../process_creation/proc_creation_win_pua_trufflehog.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml b/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml
index 648e4f754..d377abd26 100644
--- a/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml
@@ -15,6 +15,7 @@ author: Swachchhanda Shrawan Poudel (Nextron Systems)
 date: 2025-09-24
 tags:
 - attack.discovery
+ - attack.credential-access
 - attack.t1083
 - attack.t1552.001
 logsource:
diff --git a/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml b/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml
index 2103a0443..18b2baa17 100644
--- a/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml
+++ b/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml
@@ -15,6 +15,7 @@ author: Swachchhanda Shrawan Poudel (Nextron Systems)
 date: 2025-09-24
 tags:
 - attack.discovery
+ - attack.credential-access
 - attack.t1083
 - attack.t1552.001
 logsource: