Interactive

content/en/docs/reference/rules/default-macros/interactive.md

latest144 B

yaml

- macro: interactive
  condition: >
    ((proc.aname=sshd and proc.name != sshd) or
    proc.name=systemd-logind or proc.name=login)