Update proc_creation_lnx_susp_history_delete.yml

2022-06-22 07:04:30 +02:00
parent 8096f06c18
commit fe72dbf62f
1 changed files with 3 additions and 1 deletions
@@ -13,7 +13,9 @@ detection:
  selection:
    Image|endswith: '/rm'
  selection_history:
-    - CommandLine|contains: '/.bash_history'
+    - CommandLine|contains: 
+      - '/.bash_history'
+      - '/.zsh_history
    - CommandLine|endswith: '_history'
  condition: all of selection*
 falsepositives: