From 378f663502e5c99b17bce8872c058c964a277a39 Mon Sep 17 00:00:00 2001
From: yugoslavskiy
Date: Wed, 2 Dec 2020 01:28:29 +0100
Subject: [PATCH] Update lnx_clear_logs.yml
---
rules/linux/lnx_clear_logs.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/linux/lnx_clear_logs.yml b/rules/linux/lnx_clear_logs.yml
index 8908c3da..e6c71f42 100644
--- a/rules/linux/lnx_clear_logs.yml
+++ b/rules/linux/lnx_clear_logs.yml
@@ -10,14 +10,14 @@ logsource:
 product: linux
 category: process_creation
 detection:
- selection1:
+ selection:
 ProcessName|endswith:
 - '/rm' # covers /rmdir as well
 - '/shred'
 CommandLine|contains:
 - '/var/log'
 - '/var/spool/mail'
- condition: selection1 and selection2
+ condition: selection
 falsepositives:
 - Legitimate administration activities
 level: low
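Review bot: The inline comment on the `'/rm'` entry under `ProcessName|endswith` says it "covers /rmdir as well", but an endswith match on `/rm` cannot match a process name ending in `/rmdir`, so the comment is misleading and `rmdir` is not actually caught by this rule. Either drop the comment or add an explicit entry alongside it: `- '/rm'` followed by `- '/rmdir'`. The change itself is sound: removing the dangling `selection2` reference and folding both field constraints into a single `selection` keeps the `ProcessName` and `CommandLine` criteria ANDed, which appears to be what the old condition intended. The rule's title/id header and the start of `logsource` lie above the hunk.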