From 534a64207449a4ed05ab865cc60af42079db1680 Mon Sep 17 00:00:00 2001 From: Bob Aman Date: Mon, 13 Apr 2020 19:41:56 -0700 Subject: [PATCH] rule(Delete or rename shell history): Fix typo in tags Signed-off-by: Bob Aman --- rules/falco_rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml index 4223639c..ff1b91cb 100644 --- a/rules/falco_rules.yaml +++ b/rules/falco_rules.yaml @@ -2480,7 +2480,7 @@ Shell history had been deleted or renamed (user=%user.name type=%evt.type command=%proc.cmdline fd.name=%fd.name name=%evt.arg.name path=%evt.arg.path oldpath=%evt.arg.oldpath %container.info) priority: WARNING - tags: [process, mitre_defense_evation] + tags: [process, mitre_defense_evasion] # This rule is deprecated and will/should never be triggered. Keep it here for backport compatibility. # Rule Delete or rename shell history is the preferred rule to use now.