From 4d4b09a627a9dce7e854ef93095b35e72cf3d7cb Mon Sep 17 00:00:00 2001
From: keyboardcrunch <>
Date: Sun, 6 Dec 2020 01:09:10 -0600
Subject: [PATCH] fixed false pos
---
 queries/linux/local_account_added_nix.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/queries/linux/local_account_added_nix.yml b/queries/linux/local_account_added_nix.yml
index 643927d..49280b8 100644
--- a/queries/linux/local_account_added_nix.yml
+++ b/queries/linux/local_account_added_nix.yml
@@ -9,6 +9,7 @@ mitre:
 subtechnique:
 operating_system: linux
 query: SrcProcCmdLine In Contains Anycase ("useradd")
-false_positives: General account maintenance.
+false_positives:
+ - General account maintenance.
 tags:
 references:
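Review bot: The `false_positives` list added in this hunk still holds only the vague item `- General account maintenance.`, which gives an analyst nothing concrete to triage an alert against. The unchanged query on the context line matches any command line containing `useradd`, so the list should name the benign sources likely to match, for example `- Package install scripts creating service accounts.`, `- Configuration management or provisioning runs.` and `- Commands that only mention useradd (for example man or grep).`. The subject says a false positive was fixed, but the query is untouched in this hunk, so the change appears to be to the field's shape only; saying that in the commit message would avoid the impression that the detection logic was tuned.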