diff --git a/pyproject.toml b/pyproject.toml
index c1636f4242b..ccc7f40f54c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.5.3"
+version = "1.5.4"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py
index 58af2b79841..3996cdaa086 100644
--- a/tests/test_all_rules.py
+++ b/tests/test_all_rules.py
@@ -1112,6 +1112,30 @@ def test_ml_integration_jobs_exist(self):
             f"The following ({len(failures)}) rules are missing a valid `machine_learning_job_id`:\n{err_msg}"
         )
 
+    def test_preserve_upstream_protected_rule_id_name(self):
+        """
+        Ensure upstream referenced rule IDs and rule names remain unchanged
+        """
+        protected_rules = {"9a1a2dae-0b5f-4c3d-8305-a268d404c306": "Endpoint Security (Elastic Defend)"}
+
+        failures: list[str] = []
+        for rule_id, rule_name in protected_rules.items():
+            try:
+                if rule_name != self.rc.id_map[rule_id].name:
+                    failures.append(
+                        f"Protected rule_id {rule_id} name modified from '{rule_name}' to '{self.rc.id_map[rule_id].name}' - review upstream impact"
+                    )
+            except KeyError:
+                failures.append(
+                    f"Protected rule: {rule_name} rule_id: {rule_id} missing/modified - review upstream impact"
+                )
+
+        if failures:
+            fail_msg = """
+            The following protected prebuilt rules have missing/modified rule IDs or names \n
+            """
+            self.fail(fail_msg + "\n".join(failures))
+
 
 class TestRuleTiming(BaseRuleTest):
     """Test rule timing and timestamps."""
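Review bot: The `except KeyError` in `test_preserve_upstream_protected_rule_id_name` wraps the whole comparison and append, so any KeyError raised while building the "name modified" message (the second `self.rc.id_map[rule_id]` lookup, or a `.name` access on an unexpected entry) is reported as "missing/modified" instead of surfacing as a test error; a single `id_map.get(rule_id)` (assuming `id_map` is a plain dict, as the `[]`/KeyError usage suggests) removes the double lookup and narrows the failure paths. The triple-quoted `fail_msg` also carries its source indentation and both an escaped `\n` and a real newline into the assertion output, and unlike the sibling `test_ml_integration_jobs_exist` message just above it omits the failure count; a single f-string in the same shape as that sibling keeps the report consistent. A short comment next to `protected_rules` stating where these IDs are referenced upstream would help the next maintainer judge whether a rename is really breaking, e.g. `# Rule IDs/names referenced by external consumers; changing either breaks those references — see PR history for the consumer.`
```python
        failures: list[str] = []
        for rule_id, rule_name in protected_rules.items():
            rule = self.rc.id_map.get(rule_id)
            if rule is None:
                failures.append(f"Protected rule: {rule_name} rule_id: {rule_id} missing/modified - review upstream impact")
            elif rule.name != rule_name:
                failures.append(
                    f"Protected rule_id {rule_id} name modified from '{rule_name}' to '{rule.name}' - review upstream impact"
                )

        if failures:
            self.fail(
                f"The following ({len(failures)}) protected prebuilt rules have missing/modified rule IDs or names:\n"
                + "\n".join(failures)
            )
```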