rule(Delete or rename shell history): Fix typo in tags

Signed-off-by: Bob Aman <bob@sporkmonger.com>
2025-09-14 14:00:21 +00:00 · 2020-04-13 19:41:56 -07:00
parent fd572f4bd2
commit 534a642074
1 changed files with 1 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2480,7 +2480,7 @@
    Shell history had been deleted or renamed (user=%user.name type=%evt.type command=%proc.cmdline fd.name=%fd.name name=%evt.arg.name path=%evt.arg.path oldpath=%evt.arg.oldpath %container.info)
  priority:
    WARNING
-  tags: [process, mitre_defense_evation]
+  tags: [process, mitre_defense_evasion]

 # This rule is deprecated and will/should never be triggered. Keep it here for backport compatibility.
 # Rule Delete or rename shell history is the preferred rule to use now.