@@ -64,7 +64,6 @@ questions:
6464 aggregation: true
6565 logsource:
6666 category: process_creation
67- product: linux
6867 detection:
6968 selection:
7069 hostname|expand: '%hostname%'
@@ -98,7 +97,6 @@ questions:
9897 aggregation: false
9998 logsource:
10099 category: file_event
101- product: linux
102100 detection:
103101 selection:
104102 hostname|expand: '%hostname%'
@@ -129,7 +127,6 @@ questions:
129127 aggregation: false
130128 logsource:
131129 category: process_creation
132- product: linux
133130 detection:
134131 selection:
135132 ParentProcessGuid|expand: '%ProcessGuid%'
@@ -151,7 +148,6 @@ questions:
151148 aggregation: true
152149 logsource:
153150 category: process_creation
154- product: linux
155151 detection:
156152 selection:
157153 hostname|expand: '%hostname%'
@@ -194,7 +190,6 @@ questions:
194190 aggregation: true
195191 logsource:
196192 category: network_connection
197- product: linux
198193 detection:
199194 selection:
200195 hostname|expand: '%hostname%'
@@ -237,7 +232,6 @@ questions:
237232 aggregation: true
238233 logsource:
239234 category: file_event
240- product: linux
241235 detection:
242236 selection:
243237 hostname|expand: '%hostname%'
@@ -274,7 +268,6 @@ questions:
274268 aggregation: true
275269 logsource:
276270 category: process_creation
277- product: linux
278271 detection:
279272 selection:
280273 hostname|expand: '%hostname%'
@@ -298,7 +291,6 @@ questions:
298291 aggregation: true
299292 logsource:
300293 category: process_creation
301- product: linux
302294 detection:
303295 selection:
304296 Image|expand: '%Image%' # Use the exact Image that triggered the alert
@@ -323,7 +315,6 @@ questions:
323315 aggregation: true
324316 logsource:
325317 category: process_creation
326- product: linux
327318 detection:
328319 selection:
329320 hostname|expand: '%hostname%'
@@ -349,7 +340,6 @@ questions:
349340 aggregation: false
350341 logsource:
351342 category: process_creation
352- product: linux
353343 detection:
354344 selection:
355345 hostname|expand: '%hostname%'
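Review bot: Dropping `product: linux` from every `logsource` block (all ten hunks, from line 64 onward) leaves each rule keyed on `category` alone, and in Sigma-style rules the product is what the conversion pipeline and the backend's source/index mapping key on, so these rules will either fail to map or be applied across every product that emits process_creation, file_event or network_connection events — a silent widening of scope. That looks inconsistent with the detection blocks that still use product-specific field names such as `ParentProcessGuid|expand: '%ProcessGuid%'` and `Image|expand: '%Image%'` (lines 135 and 304), which presumably only exist in a Sysmon-for-Linux schema. If the intent is to make these questions OS-agnostic, it would help to say so on the first `logsource:` with a comment such as `# product intentionally omitted: these questions are meant to run against any OS that emits this category`; otherwise the product should be kept or replaced with the intended value. The file header and the commit description are outside this view, so I cannot tell whether the change is explained there.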