KQL · license: Elastic-2.0 · from elastic/detection-rules
Linux Video Recording or Screenshot Activity Detected
Quality score: 92 · FP risk: not rated
Rule source: rules/linux/collection_potential_video_recording_or_screenshot_activity.toml
event.category:process and host.os.type:"linux" and event.type:"start" and event.action:("exec" or "exec_event" or "start") and
process.name:(
"gnome-screenshot" or "spectacle" or "xfce4-screenshooter" or "mate-screenshot" or "scrot" or "maim" or "import" or "grim" or
"grimshot" or "slurp" or "flameshot" or "shutter" or "ksnip" or "deepin-screenshot" or "simplescreenrecorder" or "kazam" or
"vokoscreen" or "recordmydesktop" or "obs" or "obs-studio"
) and
not process.args:("-h" or "--help" or "--version")
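The KQL above reads cleanly, but two details decide whether an event alerts: every field is matched with "any value equals" semantics (event.category and process.args are arrays in ECS), and the trailing `not process.args:(...)` exclusion is an exact keyword match on single argv tokens. The following Python is an added example, not code from the Elastic rule or the detection-rules repository: it mirrors the predicate over a handful of constructed ECS-style events so the match and exclusion behaviour can be checked offline. Field names follow ECS; the flattened event dicts and the `_event` helper are assumptions made for the demo.

```python
from __future__ import annotations

from typing import Any, Iterable

# Process names listed in the rule (copied from the query above).
SCREENSHOT_TOOLS = {
    "gnome-screenshot", "spectacle", "xfce4-screenshooter", "mate-screenshot",
    "scrot", "maim", "import", "grim", "grimshot", "slurp", "flameshot",
    "shutter", "ksnip", "deepin-screenshot", "simplescreenrecorder", "kazam",
    "vokoscreen", "recordmydesktop", "obs", "obs-studio",
}
EXEC_ACTIONS = {"exec", "exec_event", "start"}
HELP_ARGS = {"-h", "--help", "--version"}


def _values(event: dict[str, Any], field: str) -> set[str]:
    """KQL `field:value` matches if ANY value of the field equals `value`.

    ECS fields such as event.category and process.args are arrays, so a field
    is normalised to a set of strings before comparison."""
    v = event.get(field)
    if v is None:
        return set()
    if isinstance(v, (list, tuple, set)):
        return {str(x) for x in v}
    return {str(v)}


def rule_matches(event: dict[str, Any]) -> bool:
    """True when the event satisfies the KQL predicate of the rule above."""
    return (
        "process" in _values(event, "event.category")
        and "linux" in _values(event, "host.os.type")
        and "start" in _values(event, "event.type")
        and bool(_values(event, "event.action") & EXEC_ACTIONS)
        and bool(_values(event, "process.name") & SCREENSHOT_TOOLS)
        # `not process.args:(...)`: drop the event if ANY argv token is exactly
        # one of the help/version flags.
        and not (_values(event, "process.args") & HELP_ARGS)
    )


def alerting_process_names(events: Iterable[dict[str, Any]]) -> list[str]:
    """Return process.name of every event the rule would alert on, in order."""
    return [e["process.name"] for e in events if rule_matches(e)]


def _event(name: str, args: list[str], *, os: str = "linux",
           etype: str = "start", action: str = "exec") -> dict[str, Any]:
    # Constructed ECS-style event with flattened keys; not real telemetry.
    return {
        "event.category": ["process"],
        "event.type": [etype],
        "event.action": action,
        "host.os.type": os,
        "process.name": name,
        "process.args": args,
    }


# Constructed sample events covering the match and exclusion paths.
SAMPLE_EVENTS = [
    _event("scrot", ["scrot", "-d", "5", "/tmp/shot.png"]),               # alert
    _event("flameshot", ["flameshot", "--help"]),                        # excluded by args
    _event("gnome-screenshot", ["gnome-screenshot", "-a"], os="macos"),  # wrong OS
    _event("obs-studio", ["obs-studio"], action="exec_event"),           # alert
    _event("import", ["import", "-window", "root", "screen.png"]),       # alert
    _event("maim", ["maim", "out.png"], etype="end"),                    # not a start
    _event("ksnip", ["ksnip", "--help=full"]),                           # alert: no exact token
]

if __name__ == "__main__":
    print(alerting_process_names(SAMPLE_EVENTS))
```

The last sample shows the caveat a practitioner should test for: the exclusion only suppresses an argv token that is exactly `-h`, `--help` or `--version`, so `--help=full` (or `-help`) still alerts. Conversely, a process that has `--help` anywhere in its argument list is dropped even if it also takes a real screenshot, because the `not` clause applies to any matching array element. The `import` entry matches ImageMagick's X11 screen-capture utility by name alone; anything else named `import` that is exec'd on a Linux host will trip the rule too, so tune on process.parent or process.args if that name is noisy in your environment.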