Update collection_linux_clipboard_activity.toml

Author: Aegrah

rules/linux/collection_linux_clipboard_activity.toml

@@ -39,7 +39,7 @@ timestamp_override = "event.ingested"
 type = "new_terms"
 query = '''
 event.category:process and host.os.type:"linux" and event.type:"start" and
-event.action:("exec" or "exec_event" or "executed" or "process_started" or "ProcessRollup2") and
+event.action:("exec" or "exec_event" or "executed" or "process_started" or "start") and
 process.name:("xclip" or "xsel" or "wl-clipboard" or "clipman" or "copyq") and
 not process.parent.name:("bwrap" or "micro")
 '''