Playbook for User Deleting Bash History - Cloud

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • This playbook provides systematic remediation steps to investigate incidents that indicate if someone was trying to remove the bash history (.bash_history) file from a Linux server.

    Note:
    You need to mitigate this alert cautiously, as this alerts gets rarely triggered and it potentially indicates an insider threat.