[Rule Tuning] Threat Intel Hash Indicator Match (#3031)

* Remove impash matches due to rate of false positives

* Update rules/cross-platform/threat_intel_indicator_match_hash.toml

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

rules/cross-platform/threat_intel_indicator_match_hash.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2023/05/22"
 maturity = "production"
-updated_date = "2023/07/24"
+updated_date = "2023/08/23"
 min_stack_comments = """
 Limiting the backport of these rules to the stack version which we are deprecating the Threat Intel Indicator Match
 general rules.
@@ -104,7 +104,7 @@ threat_query = '''
 '''
 
 query = """
-file.hash.*:* or file.pe.imphash:* or process.hash.*:* or process.pe.imphash:* or dll.hash.*:*
+file.hash.*:* or process.hash.*:* or dll.hash.*:*
 """
 
 
@@ -165,12 +165,6 @@ field = "file.hash.sha256"
 type = "mapping"
 value = "threat.indicator.file.hash.sha256"
 
-[[rule.threat_mapping]]
-[[rule.threat_mapping.entries]]
-field = "file.pe.imphash"
-type = "mapping"
-value = "threat.indicator.file.pe.imphash"
-
 [[rule.threat_mapping]]
 [[rule.threat_mapping.entries]]
 field = "dll.hash.md5"
@@ -206,9 +200,3 @@ value = "threat.indicator.file.hash.sha1"
 field = "process.hash.sha256"
 type = "mapping"
 value = "threat.indicator.file.hash.sha256"
-
-[[rule.threat_mapping]]
-[[rule.threat_mapping.entries]]
-field = "process.pe.imphash"
-type = "mapping"
-value = "threat.indicator.file.pe.imphash"