diff --git a/rules/linux/lnx_disabling_security_tools.yml b/rules/linux/lnx_disabling_security_tools.yml
deleted file mode 100644
index a8b03d99b..000000000
--- a/rules/linux/lnx_disabling_security_tools.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-title: Disabling Security Tools
-id: e3a8a052-111f-4606-9aee-f28ebeb76776
-description: Detects disabling security tools
-references:
-    - https://attack.mitre.org/techniques/T1089/
-    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1089/T1089.md
-author: Ömer Günal
-date: 2020/06/17
-tags:
-    - attack.defense_evasion
-    - attack.t1089
-level: medium
-logsource:
-    product: linux
-detection:
-    keywords:
-        - Command|contains:
-          - 'service iptables stop'
-          - 'chkconfig off iptables'
-          - 'service ip6tables stop'
-          - 'chkconfig off ip6tables'
-        - CarbonBlack|contains:
-          - 'service cbdaemon stop'
-          - 'chkconfig off cbdaemon'
-          - 'systemctl stop cbdaemon'
-          - 'systemctl disable cbdaemon'
-        - SELinux:
-          - 'setenforce 0'
-        - Crowdstrike|contains:
-          - 'systemctl stop falcon-sensor.service'
-          - 'systemctl disable falcon-sensor.service'
-    condition: keywords
-falsepositives:
-    - Legitimate administration activities