diff --git a/rules/linux/auditd/lnx_auditd_user_discovery.yml b/rules/linux/auditd/lnx_auditd_user_discovery.yml index 90ff5695e41..1434f8edcd3 100644 --- a/rules/linux/auditd/lnx_auditd_user_discovery.yml +++ b/rules/linux/auditd/lnx_auditd_user_discovery.yml @@ -6,9 +6,9 @@ description: | Adversaries may use the information from System Owner/User Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. references: - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1033/T1033.md -author: Timur Zinniatullin, oscd.community +author: Timur Zinniatullin, oscd.community, CheraghiMilad date: 2019-10-21 -modified: 2024-11-30 +modified: 2024-12-13 tags: - attack.discovery - attack.t1033 @@ -26,6 +26,7 @@ detection: - 'w' - 'who' - 'whoami' + - 'uname' condition: selection falsepositives: - Admin activity
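Review bot: The `+ - 'uname'` entry in the second hunk does not fit this rule's scope. `uname` reports kernel and OS information (kernel name, release, architecture), which is System Information Discovery (ATT&CK T1082), not the System Owner/User Discovery (T1033) that the rule's description, file name (`lnx_auditd_user_discovery.yml`), `attack.t1033` tag and the only reference (the T1033 atomic) all describe; `w`, `who` and `whoami` enumerate users, `uname` does not. Either drop it from this rule and put it in a separate T1082 rule, or, if the intent is to broaden the rule, update the description, tags and references in the same change so the metadata stays consistent with the detection logic. Independently, `uname` is invoked by a large amount of benign tooling (shell profiles, build and configure scripts, package managers, monitoring agents), so adding it without a corresponding filter or a more specific falsepositives entry than `Admin activity` will noticeably raise the rule's noise level; consider at least documenting that in `falsepositives`.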