rule update: add more comments

Signed-off-by: kaizhe <derek0405@gmail.com>
This commit is contained in:
kaizhe 2019-09-30 13:49:51 -07:00 committed by Leo Di Donato
parent e81decac13
commit cdb5d71eb6

View File

@ -2416,6 +2416,7 @@
tag: [process, mitre_defense_evation]
# This rule is deprecated and will/should never be triggered. Keep it here for backport compatibility.
# Rule Delete or rename shell history is the preferred rule to use now.
- rule: Delete Bash History
desc: Detect bash history deletion
condition: >