additional shells for both rules fix

2024-11-06 17:35:19 +00:00 · 2020-10-17 02:33:32 +03:00 · 2020-10-17 02:33:32 +03:00 · 65854752a9
commit 65854752a9
parent fb3bee0cad
2 changed files with 4 additions and 0 deletions
--- a/rules/linux/lnx_susp_histfile_operations.yml
+++ b/rules/linux/lnx_susp_histfile_operations.yml
@ -22,6 +22,7 @@ detection:
        keywords|contains:
            - '.bash_history'
            - '.zsh_history'
+            - '.zhistory'
            - '.history'
            - '.sh_history'
            - 'fish_history'
--- a/rules/linux/macos_susp_histfile_operations.yml
+++ b/rules/linux/macos_susp_histfile_operations.yml
@ -19,6 +19,9 @@ detection:
        CommandLine|contains:
            - '.bash_history'
            - '.zsh_history'
+            - '.zhistory'
+            - '.history'
+            - '.sh_history'
    condition: selection
 falsepositives:
    - 'Legitimate administrative activity'