Playbook for User Deleting Bash History - Cloud
This playbook provides systematic remediation steps to investigate incidents that indicate if someone was trying to remove the bash history (.bash_history) file from a Linux server.
注:
You need to mitigate this alert cautiously, as this alerts gets rarely triggered and it potentially indicates an insider threat.