tweak

defensivedepth · defensivedepth · commit 97d1d678e90f · 2025-05-27T10:41:56.000-04:00
diff --git a/playbook/dev/sigma/1182f3b3-e716-4efa-99ab-d2685d04360f.yaml b/playbook/dev/sigma/1182f3b3-e716-4efa-99ab-d2685d04360f.yaml
@@ -20,8 +20,7 @@ questions:
     query: |
       aggregation: false
       logsource:
-        category: process_creation
-        product: linux
+        category: alert
       detection:
         selection:
           document_id|expand: '%document_id%'
@@ -42,8 +41,7 @@ questions:
     query: |
       aggregation: false
       logsource:
-        category: process_creation
-        product: linux
+        category: alert
       detection:
         selection:
           document_id|expand: '%document_id%'
