Revert "Back-porting Version Trimming (#3681)"

This reverts commit 71d2c59b5c.

rules/linux/persistence_kernel_driver_load.toml

@@ -2,15 +2,17 @@
 creation_date = "2023/10/26"
 integration = ["auditd_manager"]
 maturity = "production"
-updated_date = "2024/05/21"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2024/02/22"
 
 [rule]
 author = ["Elastic"]
 description = """
-Detects the loading of a Linux kernel module through system calls. Threat actors may leverage Linux kernel modules to
+Detects the loading of a Linux kernel module through system calls. Threat actors may leverage Linux kernel modules to 
 load a rootkit on a system providing them with complete control and the ability to hide from security products. As other
-rules monitor for the addition of Linux kernel modules through system utilities or .ko files, this rule covers the gap
-that evasive rootkits leverage by monitoring for kernel module additions on the lowest level through auditd_manager.
+rules monitor for the addition of Linux kernel modules through system utilities or .ko files, this rule covers the gap 
+that evasive rootkits leverage by monitoring for kernel module additions on the lowest level through auditd_manager. 
 """
 from = "now-9m"
 index = ["auditbeat-*", "logs-auditd_manager.auditd-*"]
@@ -42,49 +44,47 @@ Add the newly installed `auditd manager` to an agent policy, and deploy the agen
 """
 severity = "low"
 tags = [
-    "Data Source: Auditd Manager",
-    "Domain: Endpoint",
-    "OS: Linux",
-    "Use Case: Threat Detection",
-    "Tactic: Persistence",
-    "Tactic: Defense Evasion",
-]
+        "Data Source: Auditd Manager",
+        "Domain: Endpoint",
+        "OS: Linux",
+        "Use Case: Threat Detection",
+        "Tactic: Persistence",
+        "Tactic: Defense Evasion"
+        ]
 timestamp_override = "event.ingested"
 type = "eql"
-
 query = '''
 driver where host.os.type == "linux" and event.action == "loaded-kernel-module" and
 auditd.data.syscall in ("init_module", "finit_module")
 '''
 
-
 [[rule.threat]]
 framework = "MITRE ATT&CK"
+
 [[rule.threat.technique]]
 id = "T1547"
 name = "Boot or Logon Autostart Execution"
 reference = "https://attack.mitre.org/techniques/T1547/"
+
 [[rule.threat.technique.subtechnique]]
 id = "T1547.006"
 name = "Kernel Modules and Extensions"
 reference = "https://attack.mitre.org/techniques/T1547/006/"
 
-
-
 [rule.threat.tactic]
 id = "TA0003"
 name = "Persistence"
 reference = "https://attack.mitre.org/tactics/TA0003/"
+
 [[rule.threat]]
 framework = "MITRE ATT&CK"
-[[rule.threat.technique]]
-id = "T1014"
-name = "Rootkit"
-reference = "https://attack.mitre.org/techniques/T1014/"
-
 
 [rule.threat.tactic]
 id = "TA0005"
 name = "Defense Evasion"
 reference = "https://attack.mitre.org/tactics/TA0005/"
 
+[[rule.threat.technique]]
+name = "Rootkit"
+id = "T1014"
+reference = "https://attack.mitre.org/techniques/T1014/"