diff --git a/rules/integrations/endpoint/elastic_endpoint_security.toml b/rules/integrations/endpoint/elastic_endpoint_security.toml
index 5042a0d65..bc12e3253 100644
--- a/rules/integrations/endpoint/elastic_endpoint_security.toml
+++ b/rules/integrations/endpoint/elastic_endpoint_security.toml
@@ -1,8 +1,7 @@
 [metadata]
 creation_date = "2020/07/08"
 maturity = "production"
-updated_date = "2021/08/25"
-integration = "endpoint"
+updated_date = "2021/09/03"
 
 [rule]
 author = ["Elastic"]
@@ -26,7 +25,7 @@ timestamp_override = "event.ingested"
 type = "query"
 query = '''
-event.kind:alert and event.module:(endpoint and not endgame) and not event.code: behavior
+event.kind:alert and event.module:(endpoint and not endgame)
 '''