I've updated the rule to also look for signs of shopt (Shell Options: https://ss64.com/bash/shopt.html ) being used to disable bash history logging and added the source intel.
Changelog
update: Clear Command History
Example Log Event
N/A
Fixed Issues
N/A
SigmaHQ Rule Creation Conventions
If your PR adds new rules, please consider following and applying these conventions
Summary of the Pull Request
I've updated the rule to also look for signs of shopt (Shell Options: https://ss64.com/bash/shopt.html ) being used to disable bash history logging and added the source intel.
Changelog
update: Clear Command History
Example Log Event
N/A
Fixed Issues
N/A
SigmaHQ Rule Creation Conventions