Update command_and_control_git_repo_or_file_download_to_sus_dir.toml

Author: Aegrah

rules/linux/command_and_control_git_repo_or_file_download_to_sus_dir.toml

@@ -107,7 +107,7 @@ sequence by process.entity_id, host.id with maxspan=10s
      (process.name == "git" and process.args == "clone") or
      (process.name in ("wget", "curl") and process.command_line like~ "*github*")
   ) and not (
-    process.parent.name in ("git", "cmake", "trufflehog") or
+    process.parent.name in ("git", "cmake") or
      process.parent.args like "/root/.ansible/tmp/ansible*"
   )]
   [file where host.os.type == "linux" and event.type == "creation" and file.path like ("/tmp/*", "/var/tmp/*", "/dev/shm/*")]