Br3akp0int
Fix is in PR https://github.com/splunk/security_content/pull/2298
> Updated the sourcetype, version and date of all detections to auditd. However, can you check @tccontre if we still need those `linux_auditd_normalized*` macros in the searches!

Noted. Agree...
Will close this one since most of the detections that use PROCTITLE and EXECVE need new attack data and updated detection searches. https://github.com/splunk/security_content/pull/3352