Removed old, created new rule to bypass "type" bug

austinsonger · Feb 22, 2023 · e994b62 · e994b62
1 parent 28bda94
commit e994b62
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/...istence_shell_activity_by_web_server.toml → ...e_linux_shell_activity_by_web_server.toml b/...istence_shell_activity_by_web_server.toml → ...e_linux_shell_activity_by_web_server.toml
@@ -1,10 +1,10 @@
 [metadata]
-creation_date = "2020/02/18"
+creation_date = "2023/02/22"
 integration = ["endpoint"]
 maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
-updated_date = "2023/02/21"
+updated_date = "2023/02/22"
 
 [rule]
 author = ["Elastic"]
@@ -19,7 +19,7 @@ from = "now-9m"
 index = ["auditbeat-*", "logs-endpoint.events.*", "endgame-*"]
 language = "eql"
 license = "Elastic License v2"
-name = "Potential Shell via Web Server"
+name = "Potential Remote Code Execution via Web Server"
 note = """## Triage and analysis
 
 ### Investigating Potential Shell via Web Server
@@ -67,7 +67,7 @@ references = [
     "https://www.elastic.co/security-labs/elastic-response-to-the-the-spring4shell-vulnerability-cve-2022-22965",
 ]
 risk_score = 47
-rule_id = "0bb0296f-0e9f-44e5-b709-bd61e0577fd5"
+rule_id = "b7b2c320-d4db-4f8e-8f92-83f9d0c3e6a4"
 severity = "medium"
 tags = ["Elastic", "Host", "Linux", "Threat Detection", "Persistence", "Investigation Guide", "Elastic Endgame"]
 timestamp_override = "event.ingested"