Open psanz-estc opened 4 months ago
CC: @Aegrah
Link to rule
https://www.elastic.co/guide/en/security/current/tampering-of-shell-command-line-history.html
Description
We should update the docs for the rules that reference the words "command line" or "shell" in them, to specify that they do not log activity directly, and only external script executions or direct calls from binaries.