Update rules/linux/discovery_proc_maps_read.toml

Author: Aegrah

rules/linux/discovery_proc_maps_read.toml

@@ -64,7 +64,7 @@ tags = [
 timestamp_override = "event.ingested"
 type = "eql"
 query = '''
-process where host.os.type == "linux" and event.type == "start" and event.action ("exec", "exec_event", "start", "ProcessRollup2") and
+process where host.os.type == "linux" and event.type == "start" and event.action in ("exec", "exec_event", "start", "ProcessRollup2") and
 process.name in ("cat", "grep", "tail", "less", "more", "egrep", "fgrep") and process.args like "/proc/*/maps"
 '''
 note = """## Triage and analysis