From 1dc0fcec47aff275b896486762df4b6e83eb43fd Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Fri, 22 Jul 2022 20:44:14 -0400
Subject: [PATCH] add CVE to tag (#2127)

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
---
 .../macos/defense_evasion_tcc_bypass_mounted_apfs_access.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/macos/defense_evasion_tcc_bypass_mounted_apfs_access.toml b/rules/macos/defense_evasion_tcc_bypass_mounted_apfs_access.toml
index 38ef18992..45a66834f 100644
--- a/rules/macos/defense_evasion_tcc_bypass_mounted_apfs_access.toml
+++ b/rules/macos/defense_evasion_tcc_bypass_mounted_apfs_access.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/01/04"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2022/07/20"
 
 [rule]
 author = ["Elastic"]
@@ -19,7 +19,7 @@ references = ["https://theevilbit.github.io/posts/cve_2020_9771/"]
 risk_score = 73
 rule_id = "b00bcd89-000c-4425-b94c-716ef67762f6"
 severity = "high"
-tags = ["Elastic", "Host", "macOS", "Threat Detection", "Defense Evasion"]
+tags = ["Elastic", "Host", "macOS", "Threat Detection", "Defense Evasion", "CVE_2020_9771"]
 timestamp_override = "event.ingested"
 type = "query"
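Review bot: The tag added in the second hunk spells the identifier `CVE_2020_9771`, while the canonical CVE form is hyphenated, so anyone filtering rules or alerts by the standard ID `CVE-2020-9771` will not match this tag. Unless the project's tag convention requires underscores (not visible from this hunk), I would write the last element as `"CVE-2020-9771"`. If the underscore form is intentional, the hyphenated ID should appear in the rule's `description` or `note` so the rule stays findable. Those fields are outside the hunk, so I cannot tell whether they already name the CVE.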