Update rules/linux/discovery_proc_maps_read.toml

Author: Aegrah

rules/linux/discovery_proc_maps_read.toml

@@ -65,7 +65,7 @@ timestamp_override = "event.ingested"
 type = "eql"
 query = '''
 process where host.os.type == "linux" and event.type == "start" and event.action ("exec", "exec_event", "start", "ProcessRollup2") and
-process.name in ("cat", "grep", "tail", "less", "egrep", "fgrep") and process.args : "/proc/*/maps"
+process.name in ("cat", "grep", "tail", "less", "more", "egrep", "fgrep") and process.args like "/proc/*/maps"
 '''
 note = """## Triage and analysis