Update lnx_auditd_steghide_extract_steganography.yml

2024-11-06 17:35:19 +00:00 · 2021-09-11 11:19:21 +02:00 · 2021-09-11 11:19:21 +02:00 · 6412ddaaee
commit 6412ddaaee
parent d0741f9f3a
1 changed files with 2 additions and 5 deletions
--- a/rules/linux/auditd/lnx_auditd_steghide_extract_steganography.yml
+++ b/rules/linux/auditd/lnx_auditd_steghide_extract_steganography.yml
@ -17,15 +17,12 @@ logsource:
   product: linux
   service: auditd
 detection:
-   type: 
+   Steghide: 
       type: EXECVE
-   commands:
       a0: steghide
       a1: extract
-   a2:
       a2: '-sf'
-   a3:
       a3|endswith:
         - '.jpg'
         - '.png'
-   condition: type and commands and a2 and a3
+   condition: Steghide